GHSA-q296-9j5x-fxf4

Source

https://github.com/advisories/GHSA-q296-9j5x-fxf4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q296-9j5x-fxf4/GHSA-q296-9j5x-fxf4.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-q296-9j5x-fxf4

Aliases

CVE-2021-22511

Published

2022-05-24T17:46:58Z

Modified

2023-12-07T13:45:53.191342Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin

Details

Micro Focus Application Automation Tools Plugin 6.7 and earlier unconditionally disables SSL/TLS certificate validation for connections to Service Virtualization servers.

Micro Focus Application Automation Tools Plugin 6.8 no longer disables SSL/TLS certificate validation unconditionally by default. It provides an option to disable SSL/TLS certification validation for connections to Service Virtualization servers.

Database specific

{
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-295"
    ],
    "nvd_published_at": "2021-04-08T22:15:00Z",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T19:16:38Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:hp-application-automation-tools-plugin

Package

Name: org.jenkins-ci.plugins:hp-application-automation-tools-plugin; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8

Affected versions

1.*

1.0

1.0.2

2.*

2.0.0

2.0.2

3.*

3.0.5

3.0.6

3.0.7

4.*

4.0

4.0.1

4.5.0

5.*

5.0.0-beta-1

5.0

5.1-beta-1

5.1

5.1.0.1-beta

5.1.0.2-beta

5.2

5.2.0.1-beta

5.3

5.3.1-beta

5.3.2-beta

5.3.3-beta

5.3.4-beta

5.4

5.4.1-beta

5.4.2-beta

5.5

5.5.1-beta

5.5.2-beta

5.5.3-beta

5.5.4-beta

5.6

5.6.1

5.6.2

5.6.3-beta

5.6.4-beta

5.6.5-beta

5.7

5.7.1-beta

5.7.2-beta

5.7.3-beta

5.7.4-beta

5.8

5.8.1-beta

5.8.2-beta

5.8.3-beta

5.8.4-beta

5.8.5-beta

5.8.6-beta

5.8.7-beta

5.8.8-beta

5.9

5.9.1-beta

5.9.2-beta

5.9.3-beta

6.*

6.0

6.0.1-beta

6.0.2-beta

6.0.3-beta

6.0.4-beta

6.0.5-beta

6.1

6.1.1-beta

6.1.2-beta

6.1.3-beta

6.1.4-beta

6.2

6.2.1-beta

6.2.2-beta

6.2.3-beta

6.2.4-beta

6.2.5-beta

6.2.6-beta

6.2.7-beta

6.2.8-beta

6.3

6.3.1-beta

6.3.2-beta

6.3.3-beta

6.3.4-beta

6.4

6.4.1-beta

6.4.2-beta

6.4.3-beta

6.5

6.6

6.6.1-beta

6.6.2-beta

6.6.3-beta

6.6.4-beta

6.6.5-beta

6.7

6.7.1-beta

Database specific

last_known_affected_version_range

"<= 6.7"