CVE-2024-28162

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/03/06/3
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330

Configurations

No configuration.

History

12 Nov 2024, 16:35

Type	Values Removed	Values Added
CWE		CWE-295
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.2

01 May 2024, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/03/06/3 -
Summary		(es) En Jenkins Delphix Plugin 3.0.1 a 3.1.0 (ambos inclusive), una opción global para que los administradores habiliten o deshabiliten la validación de certificados SSL/TLS para conexiones de la Torre de control de datos (DCT) no surte efecto hasta que se reinicia al cambiar de validación deshabilitada a validación habilitada.

06 Mar 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-06 17:15

Updated : 2024-11-12 16:35

NVD link : CVE-2024-28162

Mitre link : CVE-2024-28162

CVE.ORG link : CVE-2024-28162

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

4.2 /10