6 matches found
Authentication flaw
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...
CVE-2022-28144
The connected docs confirm CVE-2022-28144 affects Jenkins Proxmox Plugin 0.7.0 and earlier, due to missing permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to initiate a connection test to an attacker‑controlled host using attacker‑supplied username/...
CVE-2022-28143
A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
Design/Logic Flaw
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2019-10314
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2009-0021
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...