Man-in-the-Middle Vulnerability in Jenkins TraceTronic ECU-TEST Plugin
CVE-2018-1999025

7.4HIGH

Key Information:

Vendor: Jenkins
Status: Tracetronic Ecu-test
Vendor: CVE Published:; 3 October 2022

Summary

A man-in-the-middle vulnerability exists in the Jenkins TraceTronic ECU-TEST Plugin versions prior to 2.4. This flaw affects the ATXPublisher.java and ATXValidator.java components, allowing attackers to impersonate any external service that Jenkins interacts with. Exploitation of this vulnerability can lead to unauthorized access and information disclosure, posing significant security risks to systems utilizing the affected plugin.

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Jul 30, 2018