CVE-2018-1000151Improper Certificate Validation in Jenkins Vsphere

CWE-295Improper Certificate Validation5 documents5 sources
Severity
5.6MEDIUMNVD
EPSS
0.0%
top 88.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Vsphere
Timeline
PublishedApr 5
Latest updateMay 14

Description

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages1 packages

NVDjenkins/vsphere2.16

🔴Vulnerability Details

3
GHSA
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default2022-05-14
OSV
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default2022-05-14
CVEList
CVE-2018-1000151: A man in the middle vulnerability exists in Jenkins vSphere Plugin 22018-04-05

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-03-262018-03-26
CVE-2018-1000151 — Improper Certificate Validation | cvebase