GHSA-xj36-6xc6-8p9x

Suggest an improvement
Source
https://github.com/advisories/GHSA-xj36-6xc6-8p9x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-xj36-6xc6-8p9x/GHSA-xj36-6xc6-8p9x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xj36-6xc6-8p9x
Aliases
  • CVE-2024-28161
Published
2024-03-06T18:30:39Z
Modified
2024-05-02T14:07:00Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Details

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.

References

Affected packages

Maven / org.jenkins-ci.plugins:delphix

Package

Name
org.jenkins-ci.plugins:delphix
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/delphix

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.1
Fixed
3.0.2

Affected versions

3.*

3.0.1