Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2011-5063 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux

CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request

CVE-2017-5662 Vulnerability in maven package batik:batik-dom

CVE-2018-1317 Vulnerability in maven package org.apache.zeppelin:zeppelin

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory