PT-2022-18841 · Jenkins · Jenkins Proxmox Plugin
Daniel Beck
Published 2022-03-29 · Updated 2023-11-17
CVE-2022-28142
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Proxmox Plugin versions 0.6.0 and earlier
Description
When the plugin is configured to ignore SSL/TLS issues, Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the whole Jenkins controller JVM, not only for its own connections to Proxmox. Every other HTTPS connection made by the controller therefore stops validating certificates, which weakens the security of the system and may allow unauthorized access or malicious activity.
Recommendations
For Jenkins Proxmox Plugin versions 0.6.0 and earlier, consider disabling the plugin until a patched version is available, so that it cannot disable SSL/TLS certificate validation globally. As a temporary workaround, do not configure the plugin to ignore SSL/TLS issues.
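To make the scope of the problem concrete, here is an added Java example, written for this page and not code from the Proxmox plugin or Jenkins. It contrasts a JVM-wide trust-all default, which every later HTTPS connection in the controller inherits, with a socket factory that trusts only the Proxmox host's CA certificate and is applied to that one connection; the class name, URLs and PEM path are assumptions.

```java
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TlsValidationScope {
    // Vulnerable pattern (the bug class in the advisory): a trust-all manager and
    // hostname verifier installed as JVM-wide defaults, inherited by every
    // HttpsURLConnection created afterwards, in any plugin on the controller.
    static void disableValidationGlobally() throws Exception {
        TrustManager[] trustAll = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String auth) { }
            public void checkServerTrusted(X509Certificate[] chain, String auth) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustAll, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier((host, session) -> true);
    }

    // Hardened alternative: trust only the operator-supplied CA certificate of the
    // Proxmox host (PEM path and URL are assumptions) and apply the resulting
    // factory to that one connection, leaving the JVM default untouched.
    static HttpsURLConnection proxmoxConnection(String apiUrl, String caPemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (FileInputStream in = new FileInputStream(caPemPath)) {
            ks.setCertificateEntry("proxmox-ca",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(apiUrl).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // scoped to this connection only
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // openConnection() builds the object without contacting the host, so the
        // reach of the JVM-wide default can be inspected offline.
        disableValidationGlobally();
        HttpsURLConnection unrelated = (HttpsURLConnection) new URL("https://unrelated.example/").openConnection();
        System.out.println("unrelated connection inherits trust-all factory: "
                + (unrelated.getSSLSocketFactory() == HttpsURLConnection.getDefaultSSLSocketFactory()));
        System.out.println("hostname verifier accepts any name: " + unrelated.getHostnameVerifier().verify("anything", null));
    }
}
```

Running main shows both checks reporting true for a connection that has nothing to do with Proxmox; proxmoxConnection keeps the relaxed trust confined to the one connection that needs it.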
Fix
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
Jenkins
Jenkins Proxmox Plugin