Maven package
com.inedo.proget/inedo-proget
pkg:maven/com.inedo.proget/inedo-proget
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10412 | — | < 1.3 | 1.3 | Sep 25, 2019 | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2019-10411 | — | < 2.5.0 | 2.5.0 | Sep 25, 2019 | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2018-1999034 | Hig | 7.4 | < 1.0 | 1.0 | Aug 1, 2018 | A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. |
- CVE-2019-10412Sep 25, 2019affected < 1.3fixed 1.3
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- CVE-2019-10411Sep 25, 2019affected < 2.5.0fixed 2.5.0
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- affected < 1.0fixed 1.0
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.