Описание
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service.
Bumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.
Пакеты
Наименование
org.jenkins-ci.plugins:bumblebee
maven
Затронутые версииВерсия исправления
<= 4.1.3
4.1.4
Связанные уязвимости
CVSS3: 6.5
nvd
больше 6 лет назад
Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM.