Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability

2022-05-1402:57:12

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

CPENameOperatorVersion
de.tracetronic.jenkins.plugins:ecutesteq1.5
de.tracetronic.jenkins.plugins:ecutesteq1.7
de.tracetronic.jenkins.plugins:ecutesteq1.9
de.tracetronic.jenkins.plugins:ecutesteq2.2
de.tracetronic.jenkins.plugins:ecutesteq1.14
de.tracetronic.jenkins.plugins:ecutesteq1.3
de.tracetronic.jenkins.plugins:ecutesteq2.3
de.tracetronic.jenkins.plugins:ecutesteq2.0
de.tracetronic.jenkins.plugins:ecutesteq1.8
de.tracetronic.jenkins.plugins:ecutesteq2.1

Name	Operator	Version
de.tracetronic.jenkins.plugins:ecutest	eq	1.5
de.tracetronic.jenkins.plugins:ecutest	eq	1.7
de.tracetronic.jenkins.plugins:ecutest	eq	1.9
de.tracetronic.jenkins.plugins:ecutest	eq	2.2
de.tracetronic.jenkins.plugins:ecutest	eq	1.14
de.tracetronic.jenkins.plugins:ecutest	eq	1.3
de.tracetronic.jenkins.plugins:ecutest	eq	2.3
de.tracetronic.jenkins.plugins:ecutest	eq	2.0
de.tracetronic.jenkins.plugins:ecutest	eq	1.8
de.tracetronic.jenkins.plugins:ecutest	eq	2.1