An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tOHgyLTRnYzgtOXYzcs4AAWOd

Jenkins CollabNet Plugin man in the middle vulnerability

A man-in-the-middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier that allows attackers to impersonate any service that Jenkins connects to. CollabNet Plugin 2.0.5 and newer no longer disables SSL/TLS certificate validation unless users opt in by setting the system property hudson.plugins.collabnet.CollabNetPlugin.skipSslValidation to true. This opt-in applies to connections made by this plugin only.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago

CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Identifiers: GHSA-m8x2-4gc8-9v3r, CVE-2018-1000605
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: <= 2.0.4
Fixed in: 2.0.5