Lucene search

GitHub Advisory DatabaseGHSA-PFH3-J79R-VQRJ

HistoryMar 06, 2024 - 6:30 p.m.

Jenkins Delphix Plugin has improper SSL/TLS certificate validation

2024-03-0618:30:39

GitHub Advisory Database

github.com

jenkins

delphix

plugin

ssl/tls

certificate

validation

data control tower

dct

connection

software

security

issue

administrators

global option

restart

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.

Affected configurations

Vulners

Node

org.jenkinsci.plugins\Matchdelphix

CPENameOperatorVersion
org.jenkins-ci.plugins:delphixlt3.1.1

CPE	Name	Operator	Version
	org.jenkins-ci.plugins:delphix	lt	3.1.1

References

www.openwall.com/lists/oss-security/2024/03/06/3

github.com/advisories/GHSA-pfh3-j79r-vqrj

github.com/jenkinsci/delphix-plugin/commit/798a36148526dbf6028eb6443f193c8f02c75cf2

nvd.nist.gov/vuln/detail/CVE-2024-28162

www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330