Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2019-8331 Vulnerability in npm package bootstrap

CVE-2023-37903 Vulnerability in npm package vm2

CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder

CVE-2023-30543 Vulnerability in npm package @web3-react/metamask

CVE-2023-3348 Vulnerability in npm package wrangler

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory