PT-2024-22308 · Jenkins · Jenkins Delphix Plugin+1
Yaroslav Afenkin
·
Published
2024-03-06
·
Updated
2025-05-07
·
CVE-2024-28162
CVSS v3.1
4.2
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Delphix Plugin versions 3.0.1 through 3.1.0
Description
The global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections does not take effect until Jenkins is restarted when switching from disabled validation to enabled validation.
Recommendations
For Jenkins Delphix Plugin versions 3.0.1 through 3.1.0, restart Jenkins after switching from disabled to enabled SSL/TLS certificate validation to ensure the change takes effect.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Delphix Plugin