In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2024/03/06/3 | Mailing List |
| https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330 | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2024/03/06/3 | Mailing List |
| https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330 | Vendor Advisory |
Configurations
History
07 May 2025, 14:27
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Jenkins delphix
Jenkins |
|
| References | () http://www.openwall.com/lists/oss-security/2024/03/06/3 - Mailing List | |
| References | () https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330 - Vendor Advisory | |
| CPE | cpe:2.3:a:jenkins:delphix:*:*:*:*:*:jenkins:*:* |
21 Nov 2024, 09:05
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.openwall.com/lists/oss-security/2024/03/06/3 - | |
| References | () https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330 - |
12 Nov 2024, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.2 |
| CWE | CWE-295 |
01 May 2024, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
06 Mar 2024, 21:42
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-06 17:15
Updated : 2025-05-07 14:27
NVD link : CVE-2024-28162
Mitre link : CVE-2024-28162
CVE.ORG link : CVE-2024-28162
JSON object : View
Products Affected
jenkins
- delphix
CWE
CWE-295
Improper Certificate Validation