Description
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941
Related Vulnerabilities
CVE-2019-10352 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-1003078 Vulnerability in maven package org.jenkins-ci.plugins:labmanager
CVE-2016-4461 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2016-4433 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-6394 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql-deployment