CVE-2018-1999025

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1999025
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999025.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1999025
Aliases
Published
2018-08-01T13:29:00Z
Modified
2024-09-03T02:09:26.056806Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

References

Affected packages

Git / github.com/jenkinsci/ecutest-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/ecutest-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

ecutest-1.*

ecutest-1.0
ecutest-1.1
ecutest-1.10
ecutest-1.11
ecutest-1.12
ecutest-1.13
ecutest-1.14
ecutest-1.15
ecutest-1.16
ecutest-1.17
ecutest-1.17.1
ecutest-1.18
ecutest-1.2
ecutest-1.3
ecutest-1.4
ecutest-1.5
ecutest-1.6
ecutest-1.7
ecutest-1.8
ecutest-1.9

ecutest-2.*

ecutest-2.0
ecutest-2.1
ecutest-2.2
ecutest-2.3