Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2021-21696 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator

CVE-2021-21341 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2016-10006 Vulnerability in maven package org.owasp.antisamy:antisamy

CVE-2021-36161 Vulnerability in maven package org.apache.dubbo:dubbo-common

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory