GHSA-7jwg-hq85-c6m6

Source

https://github.com/advisories/GHSA-7jwg-hq85-c6m6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7jwg-hq85-c6m6/GHSA-7jwg-hq85-c6m6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7jwg-hq85-c6m6

Aliases

CVE-2022-41243

Published

2022-09-22T00:00:28Z

Modified

2023-11-08T04:10:28.571561Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Jenkins SmallTest Plugin missing hostname validation

Details

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. There is currently no known workaround or fix for this issue.

Database specific

{
    "nvd_published_at": "2022-09-21T16:15:00Z",
    "github_reviewed_at": "2022-09-23T13:31:37Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-297"
    ]
}

References

Affected packages

Maven / com.smalltest:smalltest

Package

Name: com.smalltest:smalltest; View open source insights on deps.dev
Purl: pkg:maven/com.smalltest/smalltest

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.0.4

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4