Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2023-33000 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2018-20677 Vulnerability in npm package bootstrap

CVE-2017-1000104 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider

CVE-2023-32988 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory