Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Related Vulnerabilities

CVE-2022-32531 Vulnerability in maven package org.apache.bookkeeper:bookkeeper-common

CVE-2018-17194 Vulnerability in maven package org.apache.nif:nifi-framework-cluster

CVE-2015-8858 Vulnerability in npm package uglify-js

CVE-2020-2110 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2022-36916 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup

Severity

High

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory