[MAVEN:GHSA-23C2-W636-5RHM] Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Jenkins SiteMonitor Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.

SiteMonitor Plugin no longer does that. Instead, it now has an opt-in option to ignore SSL/TLS errors for each site check individually.

Package	Affected Version
pkg:maven/org.jvnet.hudson.plugins/sitemonitor	<= 0.5

Package	Fixed Version
pkg:maven/org.jvnet.hudson.plugins/sitemonitor	= 0.6

ID

MAVEN:GHSA-23C2-W636-5RHM

Severity

moderate

URL

https://github.com/advisories/GHSA-23c2-w636-5rhm

Published

2022-05-24T16:44:55
(2 years ago)

Modified

2023-10-26T21:52:42
(10 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2019-10317
			https://jenkins.io/security/advisory/2019-04-30/#SECURITY-930
			http://www.openwall.com/lists/oss-security/2019/04/30/5
			https://web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159
			https://github.com/advisories/GHSA-23c2-w636-5rhm

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jvnet.hudson.plugins/sitemonitor	org.jvnet.hudson.plugins	sitemonitor	<= 0.5
Fixed	pkg:maven/org.jvnet.hudson.plugins/sitemonitor	org.jvnet.hudson.plugins	sitemonitor	= 0.6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date