Description
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941
Related Vulnerabilities
CVE-2023-33940 Vulnerability in maven package com.liferay:com.liferay.client.extension.type.impl
CVE-2023-32313 Vulnerability in npm package vm2
CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.commons.log
CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private