Описание
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.8.0.146 (исключая)
cpe:2.3:a:jenkins:ns-nd_integration_performance_publisher:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
7.5 High
CVSS3
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 5.9
github
около 3 лет назад
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
EPSS
Процентиль: 22%
0.00071
Низкий
7.5 High
CVSS3
Дефекты
CWE-295
CWE-295