GHSA-q296-9j5x-fxf4

Suggest an improvement
Source
https://github.com/advisories/GHSA-q296-9j5x-fxf4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q296-9j5x-fxf4/GHSA-q296-9j5x-fxf4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-q296-9j5x-fxf4
Aliases
  • CVE-2021-22511
Published
2022-05-24T17:46:58Z
Modified
2023-12-07T13:45:53.191342Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin
Details

Micro Focus Application Automation Tools Plugin 6.7 and earlier unconditionally disables SSL/TLS certificate validation for connections to Service Virtualization servers.

Micro Focus Application Automation Tools Plugin 6.8 no longer disables SSL/TLS certificate validation unconditionally by default. It provides an option to disable SSL/TLS certification validation for connections to Service Virtualization servers.

Database specific
{
    "nvd_published_at": "2021-04-08T22:15:00Z",
    "cwe_ids": [
        "CWE-295"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T19:16:38Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:hp-application-automation-tools-plugin

Package

Name
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.8

Affected versions

1.*

1.0
1.0.2

2.*

2.0.0
2.0.2

3.*

3.0.5
3.0.6
3.0.7

4.*

4.0
4.0.1
4.5.0

5.*

5.0.0-beta-1
5.0
5.1-beta-1
5.1
5.1.0.1-beta
5.1.0.2-beta
5.2
5.2.0.1-beta
5.3
5.3.1-beta
5.3.2-beta
5.3.3-beta
5.3.4-beta
5.4
5.4.1-beta
5.4.2-beta
5.5
5.5.1-beta
5.5.2-beta
5.5.3-beta
5.5.4-beta
5.6
5.6.1
5.6.2
5.6.3-beta
5.6.4-beta
5.6.5-beta
5.7
5.7.1-beta
5.7.2-beta
5.7.3-beta
5.7.4-beta
5.8
5.8.1-beta
5.8.2-beta
5.8.3-beta
5.8.4-beta
5.8.5-beta
5.8.6-beta
5.8.7-beta
5.8.8-beta
5.9
5.9.1-beta
5.9.2-beta
5.9.3-beta

6.*

6.0
6.0.1-beta
6.0.2-beta
6.0.3-beta
6.0.4-beta
6.0.5-beta
6.1
6.1.1-beta
6.1.2-beta
6.1.3-beta
6.1.4-beta
6.2
6.2.1-beta
6.2.2-beta
6.2.3-beta
6.2.4-beta
6.2.5-beta
6.2.6-beta
6.2.7-beta
6.2.8-beta
6.3
6.3.1-beta
6.3.2-beta
6.3.3-beta
6.3.4-beta
6.4
6.4.1-beta
6.4.2-beta
6.4.3-beta
6.5
6.6
6.6.1-beta
6.6.2-beta
6.6.3-beta
6.6.4-beta
6.6.5-beta
6.7
6.7.1-beta

Database specific

{
    "last_known_affected_version_range": "<= 6.7"
}