Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2014-3655 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-48219 Vulnerability in npm package tinymce

CVE-2016-5019 Vulnerability in maven package org.apache.myfaces.trinidad:trinidad-impl

CVE-2022-41932 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2017-18355 Vulnerability in npm package rendertron-middleware

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory