SSL/TLS Certificate Validation Bypass in Jenkins Delphix Plugin

CVE-2024-28162

Currently unrated 🤨

Key Information

Vendor: Jenkins
Status: Jenkins Delphix Plugin
Vendor: CVE Published:; 6 March 2024

Summary

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.

Affected Version(s)

Jenkins Delphix Plugin <= 3.1.0

Timeline

Vulnerability published.
Mar 6, 2024
Vulnerability Reserved.
Mar 5, 2024

Collectors

NVD DatabaseMitre Database