CVE-2018-1000151 Information

Description

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.

Vulnerability Type (CWE)

CWE-295

Published

2018-04-05

Last Modified

2018-05-15

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

5.6 MEDIUM

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504 (Vendor Advisory)