Description
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1615
Related Vulnerabilities
CVE-2019-10380 Vulnerability in maven package org.jenkins-ci.plugins:simple-travis-runner
CVE-2018-1999036 Vulnerability in maven package org.jenkins-ci.plugins:ssh-agent
CVE-2023-26048 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2020-11975 Vulnerability in maven package org.apache.unomi:unomi-common
CVE-2020-17518 Vulnerability in maven package org.apache.flink:flink-runtime_2.11