Jenkins CollabNet Plugin man in the middle vulnerability

A man-in-the-middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in,, that allows attackers to impersonate any service that Jenkins connects to. CollabNet Plugin 2.0.5 and newer no longer disables SSL/TLS certificate validation unconditionally. Instead, users must opt in to disabling SSL/TLS certificate validation by setting the system property hudson.plugins.collabnet.CollabNetPlugin.skipSslValidation to true. This setting applies only to connections made by this plugin.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 4 months ago

CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Identifiers: GHSA-m8x2-4gc8-9v3r, CVE-2018-1000605

Affected Packages

Versions: <= 2.0.4
Fixed in: 2.0.5