Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2013-6372 Vulnerability in maven package org.jenkins-ci.plugins:subversion

CVE-2019-1003094 Vulnerability in maven package org.jenkins-ci.plugins:open-stf

CVE-2021-21349 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-46361 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2018-1067 Vulnerability in maven package io.undertow:undertow-core

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory