Lucene search

[email protected]CVE-2019-10444

HistoryOct 16, 2019 - 2:15 p.m.

CVE-2019-10444

2019-10-1614:15:12

CWE-295

[email protected]

web.nvd.nist.gov

cve-2019-10444

jenkins

bumblebee

hp alm plugin

ssl

tls

vulnerability

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.0%

JSON

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM.

Affected configurations

NVD

Node

jenkinsbumblebee_hp_almRange≤4.1.3jenkins

CPENameOperatorVersion
jenkins:bumblebee_hp_almjenkins bumblebee hp almle4.1.3

CPE	Name	Operator	Version
jenkins:bumblebee_hp_alm	jenkins bumblebee hp alm	le	4.1.3

CNA Affected

[
  {
    "product": "Jenkins Bumblebee HP ALM Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "4.1.3 and earlier"
      }
    ]
  }
]

References

jenkins.io/security/advisory/2019-10-16/#SECURITY-1481

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for CVE-2019-10444

osv2 alpinelinux1 github1 prion1 cvelist1 nvd1