[JENKINS:SECURITY-2910-1] SSL/TLS certificate validation globally and unconditionally disabled by `cavisson-ns-nd-integration`

Severity Medium

Affected Packages 2

Fixed Packages 2

CVEs 1

cavisson-ns-nd-integration 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

cavisson-ns-nd-integration 4.8.0.146 no longer disables SSL/TLS certificate and hostname validation globally.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/cavisson-ns-nd-integration	<= 4.8.0.143
pkg:github/jenkinsci/cavisson-ns-nd-integration-plugin	<= 4.8.0.143

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/cavisson-ns-nd-integration	= 4.8.0.146
pkg:github/jenkinsci/cavisson-ns-nd-integration-plugin	= 4.8.0.146

ID

JENKINS:SECURITY-2910-1

Severity

medium

Published

2022-11-15T00:00:00
(22 months ago)

Modified

2022-11-15T00:00:00
(22 months ago)

Rights

Jenkins Security Team

Other Advisories

MAVEN:GHSA-3VWM-FC87-MQ6H

Source	# ID	Name	URL
Plugin repository		cavisson-ns-nd-integration repository	https://github.com/jenkinsci/cavisson-ns-nd-integration-plugin

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.jenkins-ci.plugins/cavisson-ns-nd-integration	org.jenkins-ci.plugins	cavisson-ns-nd-integration	<= 4.8.0.143
Fixed	pkg:maven/org.jenkins-ci.plugins/cavisson-ns-nd-integration	org.jenkins-ci.plugins	cavisson-ns-nd-integration	= 4.8.0.146
Affected	pkg:github/jenkinsci/cavisson-ns-nd-integration-plugin	jenkinsci	cavisson-ns-nd-integration-plugin	<= 4.8.0.143
Fixed	pkg:github/jenkinsci/cavisson-ns-nd-integration-plugin	jenkinsci	cavisson-ns-nd-integration-plugin	= 4.8.0.146

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date