Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2022-3782 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-25764 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2022-23302 Vulnerability in maven package log4j:log4j

CVE-2023-34036 Vulnerability in maven package org.springframework.hateoas:spring-hateoas

CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory