Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

The vendor advisory stated "a new Array AG release with the fix will be available soon."

An authentication bypass vulnerability exists in libcurl 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

An access of uninitialized pointer vulnerability in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

The product could then be exploited through a vulnerable URL. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication.

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default.

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution.

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.