[JENKINS:SECURITY-941] CollabNet Plugin globally and unconditionally disables SSL/TLS certificate validation

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1

CollabNet Plugin disabled SSL/TLS certificate validation for the entire Jenkins controller JVM by default.

CollabNet Plugin 2.0.5 and newer no longer does this.
Instead, users must opt in to disabling SSL/TLS certificate validation by setting the system property hudson.plugins.collabnet.CollabNetPlugin.skipSslValidation to true.
When set, the property applies only to connections made by this plugin.
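
The difference between a JVM-wide disable and a scoped opt-in, as an added example that is not the plugin's code. The advisory does not show how the plugin disabled validation, so the HttpsURLConnection defaults used here are an assumed, typical mechanism; only the property name comes from the advisory, and the class, method names and URL are hypothetical.

```java
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ScopedTlsOptOut {
    // Property name from the advisory; all other names are hypothetical.
    static final String SKIP_PROP =
        "hudson.plugins.collabnet.CollabNetPlugin.skipSslValidation";

    // Socket factory that accepts any certificate chain (no validation).
    static SSLSocketFactory noValidationFactory() throws GeneralSecurityException {
        TrustManager[] tms = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) {}
            public void checkServerTrusted(X509Certificate[] chain, String authType) {}
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        return ctx.getSocketFactory();
    }

    // Flawed shape (assumed): replaces the JVM-wide defaults, so every
    // HttpsURLConnection in the process stops validating certificates.
    static void disableForWholeJvm() throws GeneralSecurityException {
        HttpsURLConnection.setDefaultSSLSocketFactory(noValidationFactory());
        HttpsURLConnection.setDefaultHostnameVerifier((host, session) -> true);
    }

    // Scoped shape: validation stays on unless the operator sets the property,
    // and even then only this one connection object is affected.
    static HttpsURLConnection open(String url) throws Exception {
        HttpsURLConnection conn =
            (HttpsURLConnection) URI.create(url).toURL().openConnection();
        if (Boolean.getBoolean(SKIP_PROP)) {
            conn.setSSLSocketFactory(noValidationFactory());
            conn.setHostnameVerifier((host, session) -> true);
        }
        return conn;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory before = HttpsURLConnection.getDefaultSSLSocketFactory();
        open("https://scm.example.invalid/"); // constructed URL, no network I/O
        boolean untouched = before == HttpsURLConnection.getDefaultSSLSocketFactory();
        System.out.println("JVM default factory untouched: " + untouched);
    }
}
```

The identity comparison in main is the useful check for a reviewer: after the scoped path runs, the process-wide default factory is still the original one, with or without the property set.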

ID: JENKINS:SECURITY-941
Severity: medium
Published: 2018-06-25T00:00:00
Modified: 2018-06-25T00:00:00
Rights: Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository collabnet repository https://github.com/jenkinsci/collabnet-plugin
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:maven/org.jenkins-ci.plugins/collabnet | org.jenkins-ci.plugins | collabnet | <= 2.0.4 | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/collabnet | org.jenkins-ci.plugins | collabnet | = 2.0.5 | | |
Affected | pkg:github/jenkinsci/collabnet-plugin | jenkinsci | collabnet-plugin | <= 2.0.4 | | |
Fixed | pkg:github/jenkinsci/collabnet-plugin | jenkinsci | collabnet-plugin | = 2.0.5 | | |