PT-2018-15213 · Jenkins · Jenkins Inedo Proget Plugin+1

Daniel Beck

Published

2018-08-01

Updated

2022-05-14

CVE-2018-1999034

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Inedo ProGet Plugin versions 0.8 and earlier

Description A man-in-the-middle issue exists that allows attackers to impersonate any service that Jenkins connects to. This is due to vulnerabilities in the ProGetApi.java, ProGetConfig.java, and ProGetConfiguration.java files.

Recommendations For Jenkins Inedo ProGet Plugin versions 0.8 and earlier, update to a version later than 0.8 to resolve the issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2018-1999034

GHSA-H5HM-73HG-FRRM

Affected Products

Jenkins

Jenkins Inedo Proget Plugin

PT-2018-15213 · Jenkins · Jenkins Inedo Proget Plugin+1

CVE-2018-1999034

Weakness Enumeration

Related Identifiers

Affected Products

References · 4