Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2022-31692 Vulnerability in maven package org.springframework.security:spring-security-web

CVE-2022-31160 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2014-0003 Vulnerability in maven package org.apache.camel:camel-core

CVE-2022-36901 Vulnerability in maven package org.jenkins-ci.plugins:http_request

CVE-2019-0233 Vulnerability in maven package org.apache.struts:struts2-core

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory