Описание
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.
Пакеты
Наименование
com.inedo.buildmaster:inedo-buildmaster
maven
Затронутые версииВерсия исправления
<= 1.3
2.0
Связанные уязвимости
CVSS3: 7.4
nvd
больше 7 лет назад
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.