CVE-2018-1999035

Improper Certificate Validation in maven/com.inedo.buildmaster/inedo-buildmaster

Identifiers

GHSA-hrr3-7r5v-vxx5, CVE-2018-1999035

Package Slug

maven/com.inedo.buildmaster/inedo-buildmaster

Vulnerability

Improper Certificate Validation

Description

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Affected Versions

All versions up to 1.3

Solution

Upgrade to version 2.0 or above.

Last Modified

2024-01-31

source