Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2018-20677 Vulnerability in npm package bootstrap-sass

CVE-2021-21118 Vulnerability in npm package electron

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-management

CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml

CVE-2018-1309 Vulnerability in maven package org.apache.nifi:nifi-standard-processors

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory