1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-1411

[JENKINS:SECURITY-1411] `electricflow` globally and unconditionally disabled SSL/TLS certificate validation

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

electricflow unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application.

electricflow no longer does that.
Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment for the specific connection.

This issue was caused by an incomplete fix for link:../2019-02-19/#SECURITY-937[SECURITY-937].

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/electricflow <= 1.1.6
pkg:github/jenkinsci/electricflow-plugin <= 1.1.6
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/electricflow = 1.1.7
pkg:github/jenkinsci/electricflow-plugin = 1.1.7
ID
JENKINS:SECURITY-1411
Severity
medium
Published
2019-06-11T00:00:00
(5 years ago)
Modified
2019-06-11T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository electricflow repository https://github.com/jenkinsci/electricflow-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/electricflow org.jenkins-ci.plugins electricflow <= 1.1.6
Fixed pkg:maven/org.jenkins-ci.plugins/electricflow org.jenkins-ci.plugins electricflow = 1.1.7
Affected pkg:github/jenkinsci/electricflow-plugin jenkinsci electricflow-plugin <= 1.1.6
Fixed pkg:github/jenkinsci/electricflow-plugin jenkinsci electricflow-plugin = 1.1.7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date