PT-2018-9323 · Jenkins · Jenkins Vsphere Plugin+1

Peter Adkins

Published

2018-04-05

Updated

2022-05-14

CVE-2018-1000151

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Jenkins vSphere Plugin versions 2.16 and older

Description A man in the middle issue exists due to the disabling of SSL/TLS certificate validation by default in the VSphere.java file. This affects the security of the connection. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Jenkins vSphere Plugin versions 2.16 and older, update to version 2.17 or newer, which has SSL/TLS certificate validation enabled by default.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2018-1000151

GHSA-VQ7P-F4FV-RR5X

Affected Products

Jenkins

Jenkins Vsphere Plugin

PT-2018-9323 · Jenkins · Jenkins Vsphere Plugin+1

CVE-2018-1000151

Weakness Enumeration

Related Identifiers

Affected Products

References · 6