Описание
Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability
Codefresh Integration Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.
As of publication of this advisory, there is no fix.
Пакеты
Наименование
org.jenkins-ci.plugins:codefresh
maven
Затронутые версииВерсия исправления
<= 1.8
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.