CVE-2018-1999035: Improper Certificate Validation

May 14, 2022 (updated January 30, 2024)

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

References

github.com/advisories/GHSA-hrr3-7r5v-vxx5
jenkins.io/security/advisory/2018-07-30/
nvd.nist.gov/vuln/detail/CVE-2018-1999035

Detect and mitigate CVE-2018-1999035 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →