Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2017-15717 Vulnerability in maven package org.apache.sling:org.apache.sling.xss

CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro

CVE-2019-1003028 Vulnerability in maven package org.jenkins-ci.plugins:jms-messaging

CVE-2022-29251 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui

CVE-2012-5575 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory