Vulnerability in Checkmarx Plugin for Jenkins
CVE-2023-35142
8.1 HIGH
Summary
Jenkins Checkmarx Plugin versions prior to 2022.4.4 disable SSL/TLS validation by default for connections to the Checkmarx server, potentially allowing man-in-the-middle (MitM) attacks. An attacker who intercepts this communication can expose sensitive data and compromise security protocols, putting users at risk.
Affected Version(s)
Jenkins Checkmarx Plugin: versions 0 through 2022.4.3 (inclusive)
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved