CVE-2019-10446
published 2019-10-16CVE-2019-10446: Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
high8.2CVSS 3.1
AVNACLPRNUINSUCHILAN
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bumblebee_hp_alm_plugin | — | — |
| jenkins | cadence_vmanager | <= 2.7.0 | — |
| jenkins | cadence_vmanager_plugin | — | — |
| jenkins | crx_content_package_deployer_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | elasticbox_ci_plugin | — | — |
| jenkins | extensive_testing_plugin | — | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | google_kubernetes_engine_plugin | — | — |
| jenkins | google_oauth_credentials_plugin | — | — |
| jenkins | ids_in_crx_content_package_deployer_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | jenkins_instance_with_this_plugin | — | — |
| jenkins | neoload_plugin | — | — |
| jenkins | oracle_cloud_infrastructure_compute_classic_plugin | — | — |
| jenkins | puppet_enterprise_pipeline_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | soasta_cloudtest_plugin | — | — |
| jenkins | sofy.ai_plugin | — | — |
| jenkins | view26_test-reporting_plugin | — | — |
| jenkins_project | jenkins_cadence_vmanager_plugin | — | — |