Jenkins Koji Plugin Vulnerability Impacts SSL/TLS Security and Hostname Verification
CVE-2019-10314

5.9 MEDIUM

Key Information:

Vendor
Jenkins
CVE Published:
30 April 2019

Summary

The Jenkins Koji Plugin poses a significant security risk by disabling SSL/TLS and hostname verification for the Jenkins master JVM. This configuration flaw can result in unencrypted communications, making the system susceptible to man-in-the-middle attacks and unauthorized access to sensitive data. Users of the Jenkins Koji Plugin must ensure proper security configurations are in place to mitigate these risks.

Affected Version(s)

Jenkins Koji Plugin 0.3 and earlier

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
