155 matches found
CVE-2024-28161
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...
CVE-2024-5445
Ecosystem Agent version 4 4.1.5.2597 and Ecosystem Agent version 5 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position...
CVE-2023-30517
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...
CVE-2023-30516
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...
CVE-2022-45391
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...
CVE-2020-16163
An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B upgrade server...
CVE-2009-0128
plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
GHSA-CP9R-G575-XC5F Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2025-47888
CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...
PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...
CVE-2025-24358
gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...
Important: Red Hat Security Advisory: ACS 4.6 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...
Important: Red Hat Security Advisory: ACS 4.5 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security RHACS. This release of RHACS 4.5 includes the following bug fix: Fixed a bug in which Scanner V4 would perform TLS validation even for integrations that have TLS validation disabled. This release also addresses the following...
Linux Distros Unpatched Vulnerability : CVE-2017-1000256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvirt version 2.3.0 and later is vulnerable to a bad default configuration of verify-peer=no passed to QEMU by libvirt resulting in a failure to validate...
openSUSE Security Advisory (openSUSE-SU-2024:0372-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...