Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2018-1000175 Vulnerability in maven package org.jenkins-ci.plugins:htmlpublisher

CVE-2023-32981 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-utility-steps

CVE-2021-25640 Vulnerability in maven package org.apache.dubbo:dubbo

CVE-2008-6504 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-33007 Vulnerability in maven package org.jenkins-ci.plugins:loadcomplete

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory