Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2023-45669 Vulnerability in maven package com.webauthn4j:webauthn4j-spring-security-core

CVE-2015-5377 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2018-1272 Vulnerability in maven package org.springframework:spring-webmvc

CVE-2023-27495 Vulnerability in npm package @fastify/csrf-protection

CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory