Description
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941
Related Vulnerabilities
CVE-2023-35110 Vulnerability in maven package de.grobmeier.json:jjson
CVE-2017-1000394 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc
CVE-2015-5170 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2022-36911 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat