CVE-2024-28162: In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data…

medium4.2CVSS 3.1

AVNACHPRNUIRSUCLILAN

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
jenkins	appspider_plugin	—	—
jenkins	bitbucket_branch_source_plugin	—	—
jenkins	build_monitor_view_plugin	—	—
jenkins	delphix	>= 3.0.1 < 3.1.1	3.1.1
jenkins	delphix_plugin	—	—
jenkins	gitbucket_plugin	—	—
jenkins	html_publisher_plugin	—	—
jenkins	improper_input_sanitization_in_html_publisher_plugin	—	—
jenkins	mq_notifier_plugin	—	—
jenkins	owasp_dependency-check_plugin	—	—
jenkins	subversion_partial_release_manager_plugin	—	—
jenkins	tls_certificate_validation_in_delphix_plugin	—	—
jenkins_project	jenkins_delphix_plugin	3.0.1 – 3.1.0	—