CVE-2019-10444

MEDIUM4.8EPSS 0.04%

Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation

發布日:2022/5/24修改日:2024/2/16

描述

Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service. Bumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.

受影響套件(1)

Maven/org.jenkins-ci.plugins:bumblebeefrom 0, < 4.1.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10444
WEBhttps://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481