Описание
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
Пакеты
Наименование
com.inedo.proget:inedo-proget
maven
Затронутые версииВерсия исправления
<= 0.8
1.0
Связанные уязвимости
CVSS3: 7.4
nvd
больше 7 лет назад
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.