CVE-2022-41243 – com.smalltest:smalltest
Package
Manager: maven
Name: com.smalltest:smalltest
Vulnerable Version: >=0 <=1.0.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00089 (percentile: 0.26266)
Details
Jenkins SmallTest Plugin missing hostname validation

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server. This could be abused in a man-in-the-middle attack to intercept these connections. There is currently no known workaround or fix for this issue.
Metadata
Created: 2022-09-22T00:00:28Z
Modified: 2022-12-06T19:50:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7jwg-hq85-c6m6/GHSA-7jwg-hq85-c6m6.json
CWE IDs: ["CWE-297"]
Alternative ID: GHSA-7jwg-hq85-c6m6
Finding: F163
Auto approve: 1