CVE-2018-1999035 – com.inedo.buildmaster:inedo-buildmaster
Package
Manager: maven
Name: com.inedo.buildmaster:inedo-buildmaster
Vulnerable Version: >=0 <2.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00042 (percentile 0.12085)
Details
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation.
A man-in-the-middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, and BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.
Metadata
Created: 2022-05-14T02:56:40Z
Modified: 2024-01-30T22:11:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hrr3-7r5v-vxx5/GHSA-hrr3-7r5v-vxx5.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-hrr3-7r5v-vxx5
Finding: F163
Auto approve: 1