Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2017-5635 Vulnerability in maven package org.apache.nifi:nifi-web-security

CVE-2023-45669 Vulnerability in maven package com.webauthn4j:webauthn4j-spring-security-core

CVE-2023-30543 Vulnerability in npm package @web3-react/coinbase-wallet

CVE-2015-5322 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-46233 Vulnerability in maven package org.webjars.npm:github-com-brix-crypto-js

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory