CVE-2019-10334

CWE-295Improper Certificate Validation5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 82.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins ElectricflowJenkins Project Jenkins Electricflow Plugin
Timeline
PublishedJun 11
Latest updateMay 24

Description

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.2 | Impact: 4.2

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_electricflow_plugin1.1.5 and earlier

🔴Vulnerability Details

3
GHSA
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation2022-05-24
OSV
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation2022-05-24
CVEList
CVE-2019-10334: Jenkins ElectricFlow Plugin 12019-06-11

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-06-112019-06-11
CVE-2019-10334 (MEDIUM CVSS 6.5) | Jenkins ElectricFlow Plugin 1.1.5 a | cvebase.io