Jenkins Koji Plugin Vulnerability Impacts SSL/TLS Security and Hostname Verification
CVE-2019-10314
5.9MEDIUM
What is CVE-2019-10314?
The Jenkins Koji Plugin poses a significant security risk by disabling SSL/TLS and hostname verification for the Jenkins master JVM. This configuration flaw can result in unencrypted communications, making the system susceptible to man-in-the-middle attacks and unauthorized access to sensitive data. Users of the Jenkins Koji Plugin must ensure proper security configurations are in place to mitigate these risks.
Affected Version(s)
Jenkins Koji Plugin 0.3 and earlier