Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2012-2098 Vulnerability in maven package org.apache.commons:commons-compress

CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-util

CVE-2012-6662 Vulnerability in npm package jquery-ui

CVE-2023-28675 Vulnerability in maven package org.jenkinsci.plugins:octoperf

CVE-2022-34195 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory