Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk18on

CVE-2020-7238 Vulnerability in maven package io.netty:netty-codec-http

CVE-2019-1003071 Vulnerability in maven package hudson.plugins.octopusdeploy:octopusdeploy

CVE-2022-26885 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server

CVE-2023-32262 Vulnerability in maven package org.jenkins-ci.plugins:dimensionsscm

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory