Improper Certificate Validation in Micro Focus Application Automation Tools Plugin for Jenkins
CVE-2021-22511

6.5MEDIUM

Key Information:

Vendor: Microfocus
Status: Micro Focus Application Automation Tools Plugin - Jenkins Plugin.
Vendor: CVE Published:; 8 April 2021

What is CVE-2021-22511?

The vulnerability exists in the Micro Focus Application Automation Tools Plugin for Jenkins, where improper validation of SSL/TLS certificates can be exploited. This flaw allows attackers to disable certificate verification, potentially leading to man-in-the-middle attacks and exposing sensitive data. Users are advised to update their plugin to mitigate risks associated with this vulnerability.

Affected Version(s)

Micro Focus Application Automation Tools Plugin - Jenkins plugin. 6.7 and earlier versions.

References

https://www.jenkins.io/security/advisory/2021-04-07/#SECU...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Jan 5, 2021

Microfocus

What is CVE-2021-22511?

Affected Version(s)

References

CVSS V3.1

Timeline