Описание
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. vSphere Plugin 2.17 now has SSL/TLS certificate validation enabled by default.
Пакеты
Наименование
org.jenkins-ci.plugins:vsphere-cloud
maven
Затронутые версииВерсия исправления
<= 2.16
2.17
Связанные уязвимости
CVSS3: 5.6
nvd
почти 8 лет назад
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.