CVE-2018-1999034 – com.inedo.proget:inedo-proget
Package
Manager: maven
Name: com.inedo.proget:inedo-proget
Vulnerable Version: >=0 <1.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00042 (percentile: 0.12085)
Details
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation.
A man-in-the-middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, and ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
Metadata
Created: 2022-05-14T02:56:39Z
Modified: 2024-01-30T22:11:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h5hm-73hg-frrm/GHSA-h5hm-73hg-frrm.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-h5hm-73hg-frrm
Finding: F163
Auto approve: 1