A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-08-01 13:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-1999034
Mitre link : CVE-2018-1999034
CVE.ORG link : CVE-2018-1999034
JSON object : View
Products Affected
jenkins
- inedo_proget
CWE
CWE-295
Improper Certificate Validation