GHSA-rr3p-5fcf-v5m3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rr3p-5fcf-v5m3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-rr3p-5fcf-v5m3/GHSA-rr3p-5fcf-v5m3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rr3p-5fcf-v5m3
- Aliases
-
- CVE-2023-35142
- Published
- 2023-06-14T15:30:37Z
- Modified
- 2024-02-16T08:16:45.983663Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
- Details
-
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.
- Database specific
{ "nvd_published_at": "2023-06-14T13:15:11Z", "cwe_ids": [ "CWE-295" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-30T23:13:05Z" }- References
Affected packages
Maven / com.checkmarx.jenkins:checkmarx
Package
- Name
- com.checkmarx.jenkins:checkmarx
- View open source insights on deps.dev
- Purl
- pkg:maven/com.checkmarx.jenkins/checkmarx
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2023.2.6
Affected versions
7.*
7.5.0
8.*
8.0.0
8.0.1
8.1.0
8.1.0-1
8.1.0-2
8.2.0
8.5.0
8.41.0
8.42.0
8.50.0
8.60.0
8.60.1
8.70.0
8.80.0
8.80.3
8.90.1
8.90.3
8.90.4
2020.*
2020.2.20
2020.3.3
2020.4.3
2020.4.8
2021.*
2021.1.2
2021.2.94
2021.2.96
2021.3.1
2021.3.3
2021.4.1
2021.4.2
2021.4.3
2022.*
2022.1.2
2022.1.3
2022.2.1
2022.2.3
2022.3.2
2022.3.3
2022.4.3