CVE-2018-1999035

Published: Aug 1, 2018Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Affected (1)

Products: Jenkins: Inedo Buildmaster

Jenkins

1 product

Inedo Buildmaster

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Inedo Buildmaster	Up to 1.3

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Source: cve@mitre.org

Vendor Advisory

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.