CVE-2024-28162
Description
In Jenkins Delphix Plugin 3.0.1-3.1.0, toggling SSL/TLS certificate validation from disabled to enabled only takes effect after Jenkins restart, leaving connections vulnerable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Jenkins Delphix Plugin 3.0.1-3.1.0, toggling SSL/TLS certificate validation from disabled to enabled only takes effect after Jenkins restart, leaving connections vulnerable.
Vulnerability
Description
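In Jenkins Delphix Plugin versions 3.0.1 through 3.1.0, a global option allowing administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections does not immediately take effect when switching from disabled to enabled validation. The change only becomes active after a Jenkins restart, leaving a window where validation remains disabled [1][3]. The fix commit listed under Patches suggests why: the old code only ever called `setVerifyingSsl(false)` when the option was checked and never set verification back to `true`, so a client that had already been switched off apparently kept that state until the process restarted.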
Exploitation
The exposure arises after an administrator with access to the global configuration switches the setting from disabled to enabled. After the change, the plugin continues to operate without certificate validation until the Jenkins controller is restarted. During this period, an attacker with network access to the DCT connection can perform a man-in-the-middle attack, intercepting or tampering with communications because the client does not verify the server's certificate [2].
Impact
Successful exploitation allows a man-in-the-middle attacker to decrypt, modify, or inject data in DCT API communications, potentially compromising the integrity and confidentiality of data operations managed by the Delphix Plugin.
Mitigation
The vulnerability is fixed in Delphix Plugin versions 3.0.2 and 3.1.1 [2]. Administrators should upgrade to these versions or, if they must change the setting, restart Jenkins immediately after enabling certificate validation. The issue is also documented in the Jenkins security advisory [1] and the NVD entry [3].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:delphix (Maven) | >= 3.0.1, < 3.1.1 | 3.1.1 |
Affected products
2- Range: 3.0.1
Patches
1 patch — 798a36148526: Merge pull request #37 from jenkinsci/security_fix_and-_test
8 files changed · +80 −296
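--- a/src/main/java/io/jenkins/plugins/constant/Constant.java
+++ b/src/main/java/io/jenkins/plugins/constant/Constant.java
@@ -6,7 +6,7 @@ public class Constant {
  public static final String UNIQUE_FILE_NAME = "delphix-VDB-";
  public static final String PROPERTIES = ".properties";
  public static final String FILE_NAME = "delphix-VDB";
- public static final String USER_AGENT = "Jenkins-3.1.0";
+ public static final String USER_AGENT = "Jenkins-3.1.1";
  public static final String CLIENT_NAME = "Jenkins";
  public static final String CLIENT_NAME_HEADER = "x-dct-client-name";
  public static final long WAIT_TIME = 20000;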
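--- a/src/main/java/io/jenkins/plugins/delphix/DelphixGlobalConfiguration.java
+++ b/src/main/java/io/jenkins/plugins/delphix/DelphixGlobalConfiguration.java
@@ -13,7 +13,7 @@ public static DelphixGlobalConfiguration get() {
  }
  private String dctUrl;
- private boolean sslCheck;
+ private boolean disableSsl;
  public DelphixGlobalConfiguration() {
  load();
@@ -29,13 +29,13 @@ public void setDctUrl(String dctUrl) {
  save();
  }
- public boolean getSslCheck() {
- return sslCheck;
+ public boolean getDisableSsl() {
+ return disableSsl;
  }
  @DataBoundSetter
- public void setSslCheck(boolean sslCertificate) {
- this.sslCheck = sslCertificate;
+ public void setDisableSsl(boolean disableSsl) {
+ this.disableSsl = disableSsl;
  save();
  }
  }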
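Review bot: The persisted field is renamed from `sslCheck` to `disableSsl` with no migration, so a value saved by an earlier version is presumably not read into `disableSsl` after upgrade. That fails in the safe direction (validation comes back on), but it is a silent behaviour change that the release notes or the setter's documentation should state. The new name also reads as "turn TLS off" while the form label says the option only skips certificate validation; a Javadoc line on `setDisableSsl` such as `/** When true, DCT server certificates are not validated. */` would remove the ambiguity. The class body starts and ends outside these hunks.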
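--- a/src/main/java/io/jenkins/plugins/util/DctSdkUtil.java
+++ b/src/main/java/io/jenkins/plugins/util/DctSdkUtil.java
@@ -38,9 +38,7 @@ public DctSdkUtil(Run<?, ?> run, TaskListener listener, String credId) {
  return;
  }
  this.defaultClient = Configuration.getDefaultApiClient();
- if (DelphixGlobalConfiguration.get().getSslCheck()) {
- this.defaultClient.setVerifyingSsl(false);
- }
+ this.defaultClient.setVerifyingSsl(!DelphixGlobalConfiguration.get().getDisableSsl());
  this.defaultClient.setConnectTimeout(Constant.TIMEOUT);
  this.defaultClient.setReadTimeout(Constant.TIMEOUT);
  this.defaultClient.setWriteTimeout(Constant.TIMEOUT);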
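Review bot: The unconditional `setVerifyingSsl(...)` call is the whole fix, yet nothing on the line says why it must not become conditional again. `Configuration.getDefaultApiClient()` appears to return a shared client, so a `false` written by an earlier build stays in effect until something writes `true`; a comment such as `// Always assign: the default client is shared, so a stale 'false' would otherwise survive until restart.` would guard against a regression to the old `if`. It would also help operators if the constructor wrote a line to `listener` whenever validation is disabled, so builds running without certificate checks are visible in the console log. The constructor starts and ends outside the hunk.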
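--- a/src/main/resources/io/jenkins/plugins/delphix/DelphixGlobalConfiguration/config.jelly
+++ b/src/main/resources/io/jenkins/plugins/delphix/DelphixGlobalConfiguration/config.jelly
@@ -5,7 +5,7 @@
  <f:textbox />
  </f:entry>
- <f:entry title="Disable SSL Certificate Validation" field="sslCheck" help="/plugin/delphix/help-sslCheck.html">
+ <f:entry title="Disable SSL Certificate Validation" field="disableSsl" help="/plugin/delphix/help-sslCheck.html">
  <f:checkbox default="false" />
  </f:entry>
  </f:section>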
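--- a/src/test/java/io/jenkins/plugins/delphix/DeleteVDBTest.java
+++ b/src/test/java/io/jenkins/plugins/delphix/DeleteVDBTest.java
@@ -1,35 +0,0 @@
-package io.jenkins.plugins.delphix;
-
-import com.cloudbees.plugins.credentials.CredentialsProvider;
-import com.cloudbees.plugins.credentials.CredentialsScope;
-import com.cloudbees.plugins.credentials.domains.Domain;
-import hudson.util.Secret;
-import jenkins.model.GlobalConfiguration;
-import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
-import org.junit.Before;
-import org.junit.Rule;
-
-import org.jvnet.hudson.test.JenkinsRule;
-
-
-public class DeleteVDBTest {
-
- @Rule
- public JenkinsRule jenkins = new JenkinsRule();
-
- @Before
- public void init() throws Exception {
- DelphixGlobalConfiguration globalConfig1 =
- GlobalConfiguration.all().get(DelphixGlobalConfiguration.class);
- globalConfig1.setDctUrl("https://dct6.dlpxdc.co/v3");
-
-
- globalConfig1.save();
-
- StringCredentialsImpl c = new StringCredentialsImpl(CredentialsScope.USER,
- "test123", "description", Secret.fromString(
- "apk 1.YKhbbGsoA2LUoaIpZ8nxPQsOQbQ5BBWAdB7AhWZISkGjeB6JsyiImpRP0EtKG86y"));
- CredentialsProvider.lookupStores(jenkins).iterator().next()
- .addCredentials(Domain.global(), c);
- }
-}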
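--- a/src/test/java/io/jenkins/plugins/delphix/GlobalConfigurationTest.java
+++ b/src/test/java/io/jenkins/plugins/delphix/GlobalConfigurationTest.java
@@ -0,0 +1,72 @@
+package io.jenkins.plugins.delphix;
+
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.CredentialsScope;
+import com.cloudbees.plugins.credentials.domains.Domain;
+import hudson.model.FreeStyleBuild;
+import hudson.model.FreeStyleProject;
+import hudson.util.Secret;
+import hudson.model.Result;
+import jenkins.model.GlobalConfiguration;
+import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
+import org.junit.Rule;
+import org.junit.Test;
+import org.jvnet.hudson.test.JenkinsRule;
+
+public class GlobalConfigurationTest {
+
+ @Rule
+ public JenkinsRule jenkins = new JenkinsRule();
+
+ @Test
+ public void GlobalConfigSSLDisable() throws Exception {
+ DelphixGlobalConfiguration globalConfig1 =
+ GlobalConfiguration.all().get(DelphixGlobalConfiguration.class);
+ globalConfig1.setDctUrl("https://self-signed.badssl.com");
+ globalConfig1.setDisableSsl(true); //disable ssl
+ globalConfig1.save();
+
+ StringCredentialsImpl c =
+ new StringCredentialsImpl(CredentialsScope.USER, "test123", "description",
+ Secret.fromString("api key"));
+ CredentialsProvider.lookupStores(jenkins).iterator().next().addCredentials(Domain.global(), c);
+
+ FreeStyleProject project = jenkins.createFreeStyleProject();
+ ProvisionVDBFromSnapshot builder = new ProvisionVDBFromSnapshot();
+ builder.setSourceDataId("4-ORACLE_DB_CONTAINER-6");
+ builder.setCredentialId("test123");
+ builder.setAutoSelectRepository(true);
+ project.getBuildersList().add(builder);
+
+ FreeStyleBuild b1 = project.scheduleBuild2(0).get();
+ System.out.println(b1.toString());
+ jenkins.assertLogContains("<head><title>404 Not Found</title></head>", b1);
+ jenkins.assertBuildStatus(Result.FAILURE, b1);
+ }
+
+
+ @Test
+ public void GlobalConfigDefault() throws Exception {
+ DelphixGlobalConfiguration globalConfig1 =
+ GlobalConfiguration.all().get(DelphixGlobalConfiguration.class);
+ globalConfig1.setDctUrl("https://self-signed.badssl.com");
+ globalConfig1.save();
+
+ StringCredentialsImpl c =
+ new StringCredentialsImpl(CredentialsScope.USER, "test123", "description",
+ Secret.fromString("api key"));
+ CredentialsProvider.lookupStores(jenkins).iterator().next().addCredentials(Domain.global(), c);
+
+ FreeStyleProject project = jenkins.createFreeStyleProject();
+ ProvisionVDBFromSnapshot builder = new ProvisionVDBFromSnapshot();
+ builder.setSourceDataId("4-ORACLE_DB_CONTAINER-6");
+ builder.setCredentialId("test123");
+ builder.setAutoSelectRepository(true);
+ project.getBuildersList().add(builder);
+
+ FreeStyleBuild b1 = project.scheduleBuild2(0).get();
+ System.out.println(b1.toString());
+ jenkins.assertLogContains("javax.net.ssl.SSLHandshakeException:", b1);
+ jenkins.assertBuildStatus(Result.FAILURE, b1);
+ }
+}
\ No newline at end of file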
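Review bot: Neither test exercises the transition this commit fixes: each sets the option once and runs a single build, so a regression to the old conditional in `DctSdkUtil` could still pass depending on test order. A third test that runs one build with `setDisableSsl(true)` and then, in the same JVM, a second build with `setDisableSsl(false)` and asserts the `SSLHandshakeException` would pin the behaviour. Both existing tests also depend on the public host `self-signed.badssl.com` and, in `GlobalConfigSSLDisable`, on the exact 404 page it returns, so they can fail for reasons unrelated to the plugin; a local self-signed endpoint would be steadier.

```java
@Test
public void enablingValidationAfterDisablingTakesEffect() throws Exception {
    DelphixGlobalConfiguration config =
        GlobalConfiguration.all().get(DelphixGlobalConfiguration.class);
    config.setDctUrl("https://self-signed.badssl.com");
    // … unchanged: credential and ProvisionVDBFromSnapshot builder setup as in GlobalConfigDefault …

    config.setDisableSsl(true);
    project.scheduleBuild2(0).get();            // first build runs with validation off

    config.setDisableSsl(false);                // same JVM, no restart
    FreeStyleBuild second = project.scheduleBuild2(0).get();
    jenkins.assertLogContains("javax.net.ssl.SSLHandshakeException:", second);
    jenkins.assertBuildStatus(Result.FAILURE, second);
}
```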
src/test/java/io/jenkins/plugins/delphix/ProvisionVDBFromBookmarkTest.java+0 −164 removed@@ -1,164 +0,0 @@ -// package io.jenkins.plugins.delphix; - -// import com.cloudbees.plugins.credentials.Credentials; -// import com.cloudbees.plugins.credentials.CredentialsProvider; -// import com.cloudbees.plugins.credentials.CredentialsScope; -// import com.cloudbees.plugins.credentials.SystemCredentialsProvider; -// import com.cloudbees.plugins.credentials.domains.Domain; -// import com.gargoylesoftware.htmlunit.html.HtmlPage; -// import hudson.ExtensionList; -// import hudson.Functions; -// import hudson.model.Descriptor; -// import hudson.model.FreeStyleBuild; -// import hudson.model.FreeStyleProject; -// import hudson.model.Result; -// import hudson.tasks.BatchFile; -// import hudson.tasks.Builder; -// import hudson.tasks.Shell; -// import hudson.util.Secret; -// import jenkins.model.GlobalConfiguration; -// import jenkins.model.GlobalPluginConfiguration; -// import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl; -// import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition; -// import org.jenkinsci.plugins.workflow.job.WorkflowJob; -// import org.jenkinsci.plugins.workflow.job.WorkflowRun; -// import org.junit.Assert; -// import org.junit.Before; -// import org.junit.Rule; -// import org.junit.Test; -// import org.junit.jupiter.api.Timeout; -// import org.jvnet.hudson.test.JenkinsRule; - -// import java.util.Arrays; -// import java.util.Collections; -// import java.util.concurrent.TimeUnit; -// import static org.hamcrest.MatcherAssert.assertThat; -// import static org.hamcrest.Matchers.is; -// import static org.junit.jupiter.api.Timeout.ThreadMode.SEPARATE_THREAD; - -// public class ProvisionVDBFromBookmarkTest { - -// @Rule -// public JenkinsRule jenkins = new JenkinsRule(); - -// @Before -// public void init() throws Exception { -// DelphixGlobalConfiguration globalConfig1 = -// GlobalConfiguration.all().get(DelphixGlobalConfiguration.class); -// 
globalConfig1.setDctUrl("https://dct6.dlpxdc.co/v3"); - - -// globalConfig1.save(); - -// StringCredentialsImpl c = new StringCredentialsImpl(CredentialsScope.USER, "test123", -// "description", Secret.fromString( -// "apk 1.YKhbbGsoA2LUoaIpZ8nxPQsOQbQ5BBWAdB7AhWZISkGjeB6JsyiImpRP0EtKG86y")); -// CredentialsProvider.lookupStores(jenkins).iterator().next().addCredentials(Domain.global(), -// c); -// } - - -// // @Test -// // public void testConfigRoundtrip() throws Exception { -// // FreeStyleProject project = jenkins.createFreeStyleProject(); - -// // ProvisionVDBFromBookmark x = new ProvisionVDBFromBookmark("GLOBAL_CREDENTIALS_ID_1"); -// // x.setCredentialId("test123"); -// // project.getBuildersList().add(x); -// // project = jenkins.configRoundtrip(project); -// // FreeStyleBuild build = -// // jenkins.assertBuildStatus(Result.SUCCESS, project.scheduleBuild2(0).get()); -// // build.ge -// // jenkins.assertEqualDataBoundBeans(x, project.getBuildersList().get(0)); -// // } - -// // @Test -// // public void publishArtifactSuccessTest() throws Exception { - - -// // FreeStyleProject project = jenkins.createFreeStyleProject(); -// // ProvisionVDBFromBookmark step = new ProvisionVDBFromBookmark("GLOBAL_CREDENTIALS_ID_1"); -// // step.setCredentialId("test123"); -// // project.getBuildersList().add(step); -// // FreeStyleBuild build = project.scheduleBuild2(0).get(); -// // System.out.println(build.getDisplayName() + " completed"); -// // // TODO: change this to use HtmlUnit -// // // String s = FileUtils.readFileToString(build.getLogFile()); -// // // assertThat(s, containsString("Finished: SUCCESS")); -// // } - -// // @Test -// // public void testBuild() throws Exception { -// // FreeStyleProject project = jenkins.createFreeStyleProject(); -// // ProvisionVDBFromBookmark builder = new ProvisionVDBFromBookmark("GLOBAL_CREDENTIALS_ID_1"); -// // builder.setCredentialId("test123"); -// // project.getBuildersList().add(builder); -// // FreeStyleBuild build = 
jenkins.buildAndAssertSuccess(project); -// // jenkins.assertLogContains("web test run " + "\n", build); -// // } - -// // @Test -// // @Timeout(value = 10, unit = TimeUnit.MINUTES, threadMode = SEPARATE_THREAD) -// // // @Timeout(value = 10, unit = TimeUnit.MINUTES) -// // public void testBuild1() throws Exception { -// // FreeStyleProject project = jenkins.createFreeStyleProject(); -// // ProvisionVDBFromBookmark builder = new ProvisionVDBFromBookmark("bkm123"); -// // builder.setCredentialId("test123"); -// // builder.setAutoSelectRepository(true); -// // // builder.setSkipPolling(true); -// // project.getBuildersList().add(builder); -// // FreeStyleBuild build = jenkins.buildAndAssertSuccess(project); -// // jenkins.assertLogContains("Current Job Status: COMPLETED", build); -// // // System.out.println(build); -// // } - -// // @Test -// // public void testConfigElements() throws Exception { -// // // HtmlPage page = jenkins.createWebClient().goTo("configure"); -// // // String pageText = page.asNormalizedText(); -// // // Assert.assertTrue("Missing: BrowserStack Global Config", -// // // pageText.contains("BrowserStack")); -// // } - - -// // @Test -// // public void testBuild() throws Exception { -// // FreeStyleProject project = jr.createFreeStyleProject(); -// // ProvarAutomation builder = new ProvarAutomation(provarAutomationName, buildFile, testPlan, -// // testFolder, environment, browser, secretsPassword, salesforceMetadataCacheSetting, -// // resultsPathSetting, projectName); -// // project.getBuildersList().add(builder); -// // FreeStyleBuild build = -// // jr.assertBuildStatus(Result.FAILURE, project.scheduleBuild2(quietPeriod).get()); -// // jr.assertLogContains("Running the build file: " + buildFile, build); -// // jr.assertLogContains("Executing test plan: " + testPlan, build); -// // jr.assertLogContains("Executing test folder: " + testFolder, build); -// // jr.assertLogContains("Target browser: " + browser, build); -// // 
jr.assertLogContains("Target environment: " + environment, build); -// // jr.assertLogContains("Salesforce Metadata Cache Setting: " + salesforceMetadataCacheSetting, -// // build); -// // jr.assertLogContains("Results Path Setting: " + resultsPathSetting, build); -// // jr.assertLogContains("Project Folder: " + projectName, build); -// // jr.assertLogContains("Project is encrypted! Thank you for being secure.", build); -// // } - -// // @Test -// // public void testScriptedPipeline() throws Exception { -// // String agentLabel = "my-agent"; -// // jr.createOnlineSlave(Label.get(agentLabel)); -// // WorkflowJob job = jr.createProject(WorkflowJob.class, "test-scripted-pipeline"); -// // String pipelineScript = "node {\n" + " provarAutomation provarAutomationName: '" -// // + provarAutomationName + "',\n" + " buildFile: '" + buildFile + "',\n" -// // + " testPlan: '" + testPlan + "',\n" + " testFolder: '" + testFolder + "',\n" -// // + " environment: '" + environment + "',\n" + " browser: '" + browser + "',\n" -// // + " secretsPassword: '" + secretsPassword + "',\n" -// // + " salesforceMetadataCacheSetting: '" + salesforceMetadataCacheSetting + "',\n" -// // + " resultsPathSetting: '" + resultsPathSetting + "',\n" + " projectName: '" -// // + projectName + "'\n" + "}"; -// // job.setDefinition(new CpsFlowDefinition(pipelineScript, true)); - -// // WorkflowRun completedBuild = job.scheduleBuild2(quietPeriod).get(); -// // jr.assertBuildStatusSuccess(completedBuild); -// // jr.assertLogContains("Start of Pipeline", completedBuild); -// // } -// }
src/test/java/io/jenkins/plugins/delphix/ProvisionVDBFromSnapshotTest.java+0 −87 removed@@ -1,87 +0,0 @@ -// package io.jenkins.plugins.delphix; - - -// import com.cloudbees.plugins.credentials.CredentialsProvider; -// import com.cloudbees.plugins.credentials.CredentialsScope; -// import com.cloudbees.plugins.credentials.domains.Domain; -// import hudson.model.FreeStyleBuild; -// import hudson.model.FreeStyleProject; - -// import hudson.util.Secret; -// import io.jenkins.plugins.constant.Constant; -// import jenkins.model.GlobalConfiguration; -// import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl; -// import org.junit.After; -// import org.junit.Before; -// import org.junit.Rule; -// import org.junit.Test; -// import org.jvnet.hudson.test.JenkinsRule; - - -// public class ProvisionVDBFromSnapshotTest { -// @Rule -// public JenkinsRule jenkins = new JenkinsRule(); - -// @Before -// public void init() throws Exception { -// DelphixGlobalConfiguration globalConfig1 = -// GlobalConfiguration.all().get(DelphixGlobalConfiguration.class); -// globalConfig1.setDctUrl("https://dct6.dlpxdc.co" + Constant.API_VERSION); - - -// globalConfig1.save(); - -// StringCredentialsImpl c = new StringCredentialsImpl(CredentialsScope.USER, "test123", -// "description", Secret.fromString( -// "apk 1.YKhbbGsoA2LUoaIpZ8nxPQsOQbQ5BBWAdB7AhWZISkGjeB6JsyiImpRP0EtKG86y")); -// CredentialsProvider.lookupStores(jenkins).iterator().next().addCredentials(Domain.global(), -// c); -// } - -// @Test -// public void testProvisionWithPolling() throws Exception { -// FreeStyleProject project = jenkins.createFreeStyleProject(); -// ProvisionVDBFromSnapshot builder = new ProvisionVDBFromSnapshot(); -// builder.setSourceDataId("4-ORACLE_DB_CONTAINER-6"); -// builder.setCredentialId("test123"); -// builder.setAutoSelectRepository(true); -// project.getBuildersList().add(builder); -// FreeStyleBuild build = jenkins.buildAndAssertSuccess(project); -// jenkins.assertLogContains("Current 
Job Status: COMPLETED", build); - -// DeleteVDB builder1 = new DeleteVDB(); -// builder1.setLoadFromProperties(true); -// builder1.setCredentialId("test123"); -// project.getBuildersList().add(builder1); -// FreeStyleBuild build1 = jenkins.buildAndAssertSuccess(project); -// jenkins.assertLogContains("Current Job Status: COMPLETED", build1); - -// } - -// // @Test -// // public void testProvisionWithoutPolling() throws Exception { -// // FreeStyleProject project = jenkins.createFreeStyleProject(); -// // ProvisionVDBFromSnapshot builder = new ProvisionVDBFromSnapshot(); -// // builder.setName("test123"); -// // builder.setSourceDataId("4-ORACLE_DB_CONTAINER-6"); -// // builder.setCredentialId("test123"); -// // builder.setAutoSelectRepository(true); -// // builder.setSkipPolling(true); -// // project.getBuildersList().add(builder); -// // FreeStyleBuild build = jenkins.buildAndAssertSuccess(project); -// // jenkins.assertLogContains("VDB status: UNKNOWN", build); -// // } - - -// // @After -// // public void destroy() throws Exception { -// // FreeStyleProject project = jenkins.createFreeStyleProject(); -// // DeleteVDB builder1 = new DeleteVDB(); -// // builder1.setName("test123"); -// // builder1.setCredentialId("test123"); -// // project.getBuildersList().add(builder1); -// // FreeStyleBuild build1 = jenkins.buildAndAssertSuccess(project); -// // jenkins.assertLogContains("Current Job Status: COMPLETED", build1); - -// // } -// }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5 references:
- github.com/advisories/GHSA-pfh3-j79r-vqrj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-28162 (ghsa, ADVISORY)
- www.jenkins.io/security/advisory/2024-03-06/ (ghsa, vendor-advisory, WEB)
- www.openwall.com/lists/oss-security/2024/03/06/3 (ghsa, WEB)
- github.com/jenkinsci/delphix-plugin/commit/798a36148526dbf6028eb6443f193c8f02c75cf2 (ghsa, WEB)
News mentions
1 mention:
- Jenkins Security Advisory 2024-03-06 — Jenkins Security Advisories · Mar 6, 2024