CVE-2018-1999034

HIGH 7.4 | EPSS 0.04%

Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation

Published: 5/14/2022 | Modified: 2/16/2024

Description

A man-in-the-middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier, in ProGetApi.java, ProGetConfig.java, and ProGetConfiguration.java, that allows attackers to impersonate any service that Jenkins connects to.

Affected packages (1)

CVSS scores

Source | Version | Severity | Vector
osv | CVSS 3.1 | HIGH 7.4 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References (2)