CVE-2018-1999025 — Improper Certificate Validation in Jenkins Tracetronic Ecu-test

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

7.4HIGHNVD

EPSS

0.0%

top 87.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Tracetronic Ecu-test

Timeline

PublishedAug 1

Latest updateMay 14

Description

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages1 packages

▶NVDjenkins/tracetronic_ecu-test2.3

🔴Vulnerability Details

GHSA

Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability↗2022-05-14

▶

OSV

Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability↗2022-05-14

▶

CVEList

CVE-2018-1999025: A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2↗2018-08-01

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2018-07-30↗2018-07-30

▶