CVE-2019-10381

Name of the Vulnerable Software and Affected Versions Jenkins Codefresh Integration Plugin versions 1.8 and earlier

Description The issue concerns the Jenkins Codefresh Integration Plugin, which unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. This means that the plugin disables the verification of SSL/TLS certificates, potentially allowing malicious connections to be established without being detected. As of the latest information, there is no fix available for this issue.

Recommendations For Jenkins Codefresh Integration Plugin versions 1.8 and earlier, as a temporary workaround, consider disabling the plugin until a patch is available to prevent the disabling of SSL/TLS certificate validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.