GHSA-h5hm-73hg-frrm, CVE-2018-1999034
maven/com.inedo.proget/inedo-proget
Improper Certificate Validation
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
All versions up to 0.8
Upgrade to version 1.0 or above.
2024-01-31
source |