Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2016-0779 Vulnerability in maven package org.apache.tomee:openejb-client

CVE-2021-20202 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2023-48222 Vulnerability in maven package org.rundeck:rundeck

CVE-2018-17247 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2012-5887 Vulnerability in maven package tomcat:catalina

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory