1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-935

[JENKINS:SECURITY-935] Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

Inedo ProGet Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM.

The plugin now has an option, disabled by default, to disable SSL/TLS certificate validation that only applies to its own connections.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/inedo-buildmaster <= 1.3
pkg:github/jenkinsci/inedo-buildmaster-plugin <= 1.3
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/inedo-buildmaster = 2.0
pkg:github/jenkinsci/inedo-buildmaster-plugin = 2.0
ID
JENKINS:SECURITY-935
Severity
medium
Published
2018-07-30T00:00:00
(6 years ago)
Modified
2018-07-30T00:00:00
(6 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository inedo-buildmaster repository https://github.com/jenkinsci/inedo-buildmaster-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/inedo-buildmaster org.jenkins-ci.plugins inedo-buildmaster <= 1.3
Fixed pkg:maven/org.jenkins-ci.plugins/inedo-buildmaster org.jenkins-ci.plugins inedo-buildmaster = 2.0
Affected pkg:github/jenkinsci/inedo-buildmaster-plugin jenkinsci inedo-buildmaster-plugin <= 1.3
Fixed pkg:github/jenkinsci/inedo-buildmaster-plugin jenkinsci inedo-buildmaster-plugin = 2.0
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date