CVE-2024-28162Improper Certificate Validation in Jenkins Delphix

CWE-295Improper Certificate Validation5 documents5 sources
Severity
4.2MEDIUMNVD
EPSS
0.1%
top 80.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins DelphixJenkins Project Jenkins Delphix Plugin
Timeline
PublishedMar 6

Description

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_delphix_plugin3.0.13.1.0
NVDjenkins/delphix3.0.13.1.1

🔴Vulnerability Details

3
GHSA
Jenkins Delphix Plugin has improper SSL/TLS certificate validation2024-03-06
CVEList
CVE-2024-28162: In Jenkins Delphix Plugin 32024-03-06
OSV
Jenkins Delphix Plugin has improper SSL/TLS certificate validation2024-03-06

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2024-03-062024-03-06
CVE-2024-28162 — Improper Certificate Validation | cvebase