Description

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941

Related Vulnerabilities

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-managesieve

CVE-2023-26476 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui

CVE-2024-4367 Vulnerability in maven package org.webjars.bowergithub.mozilla:pdfjs-dist

CVE-2020-2092 Vulnerability in maven package org.jenkins-ci.plugins:robot

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina-ant

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory