Description
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935
Related Vulnerabilities
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-jms-processors
CVE-2017-15691 Vulnerability in maven package org.apache.uima:jvinci
CVE-2021-3637 Vulnerability in maven package org.keycloak:keycloak-model-infinispan