Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2019-10352 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-1003078 Vulnerability in maven package org.jenkins-ci.plugins:labmanager

CVE-2016-4461 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2016-4433 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-6394 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql-deployment

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory