CVE-2019-10444 – org.jenkins-ci.plugins:bumblebee
Package
Manager: maven
Name: org.jenkins-ci.plugins:bumblebee
Vulnerable Version: >=0 <4.1.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00036 (percentile: 0.09043)
Details
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service. Bumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.
Metadata
Created: 2022-05-24T16:58:49Z
Modified: 2023-10-26T23:06:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qgp8-h5cp-r75r/GHSA-qgp8-h5cp-r75r.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-qgp8-h5cp-r75r
Finding: F163
Auto approve: 1