Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

CVE-2017-15691 Vulnerability in maven package org.apache.uima:jvinci

CVE-2021-3637 Vulnerability in maven package org.keycloak:keycloak-model-infinispan

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory