Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Related Vulnerabilities

CVE-2017-2582 Vulnerability in maven package org.keycloak:keycloak-saml-core

CVE-2016-4999 Vulnerability in maven package org.dashbuilder:dashbuilder-dataset-sql

CVE-2020-2193 Vulnerability in maven package io.jenkins.plugins:echarts-api

CVE-2019-10428 Vulnerability in maven package org.jenkins-ci.plugins:aqua-security-scanner

CVE-2018-15801 Vulnerability in maven package org.springframework.security:spring-security-oauth2-jose

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory