Jenkins Cadence vManager Plugin prior to version 2.7.1 disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This issue is patched in 2.7.1
{ "nvd_published_at": "2019-10-16T14:15:00Z", "github_reviewed_at": "2022-12-06T21:49:12Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-295" ] }