CVE-2018-1999034: Improper Certificate Validation

May 14, 2022 (updated January 30, 2024)

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

References

github.com/advisories/GHSA-h5hm-73hg-frrm
jenkins.io/security/advisory/2018-07-30/
nvd.nist.gov/vuln/detail/CVE-2018-1999034

Detect and mitigate CVE-2018-1999034 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →