GHSA-7jwg-hq85-c6m6

Suggest an improvement
Source
https://github.com/advisories/GHSA-7jwg-hq85-c6m6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7jwg-hq85-c6m6/GHSA-7jwg-hq85-c6m6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7jwg-hq85-c6m6
Aliases
  • CVE-2022-41243
Published
2022-09-22T00:00:28Z
Modified
2023-11-08T04:10:28.571561Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Jenkins SmallTest Plugin missing hostname validation
Details

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. There is currently no known workaround or fix for this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-297"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-23T13:31:37Z",
    "nvd_published_at": "2022-09-21T16:15:00Z",
    "severity": "MODERATE"
}
References

Affected packages

Maven / com.smalltest:smalltest

Package

Name
com.smalltest:smalltest
View open source insights on deps.dev
Purl
pkg:maven/com.smalltest/smalltest

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.0.4

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.0.4

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7jwg-hq85-c6m6/GHSA-7jwg-hq85-c6m6.json"