Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2023-30516 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter

CVE-2023-49447 Vulnerability in maven package com.jfinal:jfinal

CVE-2020-15087 Vulnerability in maven package io.prestosql:presto-main

CVE-2022-29567 Vulnerability in maven package com.vaadin:vaadin-grid-flow

CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory