Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2020-2182 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding

CVE-2022-34176 Vulnerability in maven package org.jenkins-ci.plugins:junit

CVE-2020-8203 Vulnerability in maven package org.webjars.bower:lodash

CVE-2018-1051 Vulnerability in maven package org.jboss.resteasy:resteasy-yaml-provider

CVE-2022-36912 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory