Description
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
Remediation
References
https://jenkins.io/security/advisory/2019-04-30/#SECURITY-936
http://www.openwall.com/lists/oss-security/2019/04/30/5
http://www.securityfocus.com/bid/108159
Related Vulnerabilities
CVE-2023-29206 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx
CVE-2019-10282 Vulnerability in maven package hudson.plugins.klaros:klaros-testmanagement
CVE-2022-23106 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2016-4461 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2023-27603 Vulnerability in maven package org.apache.linkis:linkis-common