CVE-2018-1999034

Improper Certificate Validation in maven/com.inedo.proget/inedo-proget

Identifiers

GHSA-h5hm-73hg-frrm, CVE-2018-1999034

Package Slug

maven/com.inedo.proget/inedo-proget

Vulnerability

Improper Certificate Validation

Description

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Affected Versions

All versions up to 0.8

Solution

Upgrade to version 1.0 or above.

Last Modified

2024-01-31

source