Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2022-43426 Vulnerability in maven package io.jenkins.plugins:s3explorer

CVE-2023-24436 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2017-8451 Vulnerability in npm package kibana

CVE-2016-3081 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2016-6651 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory