CVE-2019-10444

MEDIUM4.8EPSS 0.04%

Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation

Published: 5/24/2022Modified: 2/16/2024

Description

Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service. Bumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.

Affected packages (1)

Maven/org.jenkins-ci.plugins:bumblebeefrom 0, < 4.1.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10444
WEBhttps://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481