Jenkins SiteMonitor Plugin Vulnerability Compromises SSL/TLS Verification
CVE-2019-10317

5.9 MEDIUM

Key Information:

Vendor: Jenkins
CVE Published: 30 April 2019

Summary

Jenkins SiteMonitor Plugin 0.5 and earlier globally disables SSL/TLS and hostname verification for the Jenkins master JVM. Because the setting applies to the whole JVM rather than only to the plugin's own connections, malicious actors can exploit the resulting insecure connections, potentially leading to unauthorized access and data breaches. Users of the affected plugin should upgrade to the latest version to mitigate this risk.

Affected Version(s)

Jenkins SiteMonitor Plugin 0.5 and earlier

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
