Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2019-04-30/#SECURITY-930 | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2019/04/30/5 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/108159 |
Configurations
Information
Published : 2019-04-30 06:29
Updated : 2019-05-06 05:29
NVD link : CVE-2019-10317
Mitre link : CVE-2019-10317
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
jenkins
- sitemonitor