Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server

CVE-2020-1947 Vulnerability in maven package org.apache.shardingsphere:shardingsphere

CVE-2017-12619 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2023-43495 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-24440 Vulnerability in maven package org.jenkins-ci.plugins:jira-steps

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory