Description
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935
Related Vulnerabilities
CVE-2016-4434 Vulnerability in maven package org.apache.tika:tika-bundle
CVE-2022-36889 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework
CVE-2023-24815 Vulnerability in maven package io.vertx:vertx-web
CVE-2017-8452 Vulnerability in npm package kibana
CVE-2023-47797 Vulnerability in maven package com.liferay.portal:release.portal.bom