CVE-2019-10382

Severity

6.5MEDIUM

EPSS

0.1%

top 84.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 7

Latest updateMay 24

Description

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.2 | Impact: 4.2

GHSA

Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation↗2022-05-24

▶

OSV

Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation↗2022-05-24

▶

CVEList

CVE-2019-10382: Jenkins VMware Lab Manager Slaves Plugin 0↗2019-08-07

▶

Jenkins

Jenkins Security Advisory 2019-08-07↗2019-08-07

▶