Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2023-31064 Vulnerability in maven package org.apache.inlong:manager-workflow

CVE-2022-44644 Vulnerability in maven package org.apache.linkis:linkis-metadata-query-service-jdbc

CVE-2023-34238 Vulnerability in npm package gatsby-transformer-remark

CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs

CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-themes

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory