Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2018-1334 Vulnerability in maven package org.apache.spark:spark-core

CVE-2016-0709 Vulnerability in maven package org.apache.portals.jetspeed-2:j2-admin

CVE-2014-3663 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-24434 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2021-23267 Vulnerability in maven package org.craftercms:crafter-engine

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory