Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2019-10347 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin

CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater

CVE-2023-24457 Vulnerability in maven package org.jenkins-ci.plugins:keycloak

CVE-2022-36905 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin

CVE-2023-46133 Vulnerability in npm package crypto-es

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory