GHSA-q296-9j5x-fxf4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q296-9j5x-fxf4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q296-9j5x-fxf4/GHSA-q296-9j5x-fxf4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q296-9j5x-fxf4
- Aliases
-
- CVE-2021-22511
- Published
- 2022-05-24T17:46:58Z
- Modified
- 2024-02-16T08:08:54.541127Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin
- Details
-
Micro Focus Application Automation Tools Plugin 6.7 and earlier unconditionally disables SSL/TLS certificate validation for connections to Service Virtualization servers.
Micro Focus Application Automation Tools Plugin 6.8 no longer disables SSL/TLS certificate validation unconditionally by default. It provides an option to disable SSL/TLS certification validation for connections to Service Virtualization servers.
- Database specific
{ "nvd_published_at": "2021-04-08T22:15:00Z", "cwe_ids": [ "CWE-295" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-13T19:16:38Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-22511
- https://github.com/jenkinsci/hpe-application-automation-tools-plugin/commit/b286378aa22bc48ed77d259200cb6863a532c2df
- https://github.com/jenkinsci/hpe-application-automation-tools-plugin
- https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2176
Affected packages
Maven / org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Package
- Name
- org.jenkins-ci.plugins:hp-application-automation-tools-plugin
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8
Affected versions
1.*
1.0
1.0.2
2.*
2.0.0
2.0.2
3.*
3.0.5
3.0.6
3.0.7
4.*
4.0
4.0.1
4.5.0
5.*
5.0.0-beta-1
5.0
5.1-beta-1
5.1
5.1.0.1-beta
5.1.0.2-beta
5.2
5.2.0.1-beta
5.3
5.3.1-beta
5.3.2-beta
5.3.3-beta
5.3.4-beta
5.4
5.4.1-beta
5.4.2-beta
5.5
5.5.1-beta
5.5.2-beta
5.5.3-beta
5.5.4-beta
5.6
5.6.1
5.6.2
5.6.3-beta
5.6.4-beta
5.6.5-beta
5.7
5.7.1-beta
5.7.2-beta
5.7.3-beta
5.7.4-beta
5.8
5.8.1-beta
5.8.2-beta
5.8.3-beta
5.8.4-beta
5.8.5-beta
5.8.6-beta
5.8.7-beta
5.8.8-beta
5.9
5.9.1-beta
5.9.2-beta
5.9.3-beta
6.*
6.0
6.0.1-beta
6.0.2-beta
6.0.3-beta
6.0.4-beta
6.0.5-beta
6.1
6.1.1-beta
6.1.2-beta
6.1.3-beta
6.1.4-beta
6.2
6.2.1-beta
6.2.2-beta
6.2.3-beta
6.2.4-beta
6.2.5-beta
6.2.6-beta
6.2.7-beta
6.2.8-beta
6.3
6.3.1-beta
6.3.2-beta
6.3.3-beta
6.3.4-beta
6.4
6.4.1-beta
6.4.2-beta
6.4.3-beta
6.5
6.6
6.6.1-beta
6.6.2-beta
6.6.3-beta
6.6.4-beta
6.6.5-beta
6.7
6.7.1-beta