Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2023-33940 Vulnerability in maven package com.liferay:com.liferay.client.extension.type.impl

CVE-2021-36738 Vulnerability in maven package org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet

CVE-2023-32313 Vulnerability in npm package vm2

CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.commons.log

CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory