PT-2018-15204 · Jenkins · Jenkins Tracetronic Ecu-Test Plugin+1

Daniel Beck

·

Publicado

2018-08-01

·

Atualizado

2022-05-14

·

CVE-2018-1999025

CVSS v3.1

7.4

Alta

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Jenkins TraceTronic ECU-TEST Plugin versions 2.3 and earlier
Description A man-in-the-middle issue exists that allows attackers to impersonate any service that Jenkins connects to. This is due to vulnerabilities in the ATXPublisher.java and ATXValidator.java files.
Recommendations For versions 2.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2018-1999025
GHSA-W86J-99WG-R29F

Produtos afetados

Jenkins
Jenkins Tracetronic Ecu-Test Plugin