Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2022-29599 Vulnerability in maven package org.apache.maven.shared:maven-shared-utils

CVE-2015-8855 Vulnerability in maven package org.webjars.bower:semver

CVE-2018-1999029 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

CVE-2023-34981 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2021-29484 Vulnerability in npm package ghost

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory