Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2023-50578 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2023-37466 Vulnerability in npm package vm2

CVE-2022-23181 Vulnerability in maven package org.apache.tomcat:tomcat

CVE-2022-23617 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2018-1999005 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory