Description
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933
Related Vulnerabilities
CVE-2021-21366 Vulnerability in maven package org.webjars.npm:xmldom
CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view
CVE-2017-7559 Vulnerability in maven package io.undertow:undertow-core
CVE-2019-7614 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2020-2169 Vulnerability in maven package org.jenkins-ci.plugins:queue-cleanup