PT-2018-9323 · Jenkins · Jenkins Vsphere Plugin+1

Peter Adkins

Publicado

2018-04-05

Atualizado

2022-05-14

CVE-2018-1000151

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Jenkins vSphere Plugin versions 2.16 and older

Description A man in the middle issue exists due to the disabling of SSL/TLS certificate validation by default in the VSphere.java file. This affects the security of the connection. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Jenkins vSphere Plugin versions 2.16 and older, update to version 2.17 or newer, which has SSL/TLS certificate validation enabled by default.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2018-1000151

GHSA-VQ7P-F4FV-RR5X

Produtos afetados

Jenkins

Jenkins Vsphere Plugin

PT-2018-9323 · Jenkins · Jenkins Vsphere Plugin+1

CVE-2018-1000151

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6