14 matches found
CVE-2019-16558
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...
EUVD-2022-1414
Malicious code in bioql PyPI...
EUVD-2022-2000
Malicious code in bioql PyPI...
EUVD-2024-47150
Malicious code in bioql PyPI...
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...
CVE-2024-28161
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...
CVE-2024-28161
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...
GHSA-XMQV-PFW7-QMJ7 Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application. CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment fo...
CVE-2022-28142
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues...
Debian DSA-5011-1 : salt - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5011 advisory. - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allo...
SUSE SLES11 Security Update : salt (SUSE-SU-2021:14650-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14650-1 advisory. - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process...
Amazon Linux AMI : python27 / python34,python35,python36 (ALAS-2019-1169)
A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...