CVE-2018-1999034

Published: Aug 1, 2018Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Affected (1)

Products: Jenkins: Inedo Proget

Jenkins

1 product

Inedo Proget

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Inedo Proget	Up to 0.8

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Source: cve@mitre.org

Vendor Advisory

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.