Description
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1615
Related Vulnerabilities
CVE-2022-42128 Vulnerability in maven package com.liferay:com.liferay.headless.delivery.impl
CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.commons.log
CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-data-file
CVE-2013-5966 Vulnerability in maven package org.zkoss.common:zweb
CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver