Man-in-the-Middle Vulnerability in Jenkins vSphere Plugin
CVE-2018-1000151

5.6MEDIUM

Key Information:

Vendor: Jenkins
Status: Vsphere
Vendor: CVE Published:; 5 April 2018

Summary

A vulnerability in the Jenkins vSphere Plugin allows an attacker to perform man-in-the-middle attacks due to the default disabling of SSL/TLS certificate validation. This oversight can expose sensitive information during data transmission, enabling potential interception and manipulation of data. Users of Jenkins vSphere Plugin versions 2.16 and older must take precautionary measures to ensure secure communications.

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 5, 2018