PT-2019-6387 · Jenkins · Jenkins Vmware Lab Manager Slaves Plugin+1
Oleg Nenashev
·
Published
2019-08-07
·
Updated
2023-10-25
·
CVE-2019-10382
CVSS v2.0
7.8
High
| Vector | AV:N/AC:M/Au:N/C:C/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier
Description
The issue is related to the disabling of global SSL/TLS and hostname verification for the Jenkins master JVM, which could allow a remote attacker to perform a man-in-the-middle attack. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.
Recommendations
For Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier, as a temporary workaround, consider enabling SSL/TLS and hostname verification for the Jenkins master JVM until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Vmware Lab Manager Slaves Plugin