Description
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
Remediation
References
https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1528
http://www.openwall.com/lists/oss-security/2020/05/06/3