CVE-2018-1999034 : A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Published 2018-08-01 13:29:01

Updated 2018-10-09 15:07:46

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2018-1999034

Jenkins » Inedo Proget » For Jenkins
Versions up to, including, (<=) 0.8
cpe:2.3:a:jenkins:inedo_proget:*:*:*:*:*:jenkins:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-1999034

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1999034

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
7.4	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N	2.2	5.2	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2018-1999034

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1999034

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933

Jenkins Security Advisory 2018-07-30
Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-1999034

Products affected by CVE-2018-1999034

Exploit prediction scoring system (EPSS) score for CVE-2018-1999034

CVSS scores for CVE-2018-1999034

CWE ids for CVE-2018-1999034

References for CVE-2018-1999034