Maven package
org.jenkins-ci.plugins/delphix
pkg:maven/org.jenkins-ci.plugins/delphix
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28162 | — | >= 3.0.1, < 3.1.1 | 3.1.1 | Mar 6, 2024 | In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation t | ||
| CVE-2024-28161 | — | >= 3.0.1, < 3.0.2 | 3.0.2 | Mar 6, 2024 | In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default. | ||
| CVE-2023-40345 | — | < 3.0.3 | 3.0.3 | Aug 16, 2023 | Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | ||
| CVE-2023-40344 | — | < 3.0.3 | 3.0.3 | Aug 16, 2023 | A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||
| CVE-2019-10453 | — | <= 2.0.4 | — | Oct 16, 2019 | Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
- CVE-2024-28162Mar 6, 2024affected >= 3.0.1, < 3.1.1fixed 3.1.1
In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation t
- CVE-2024-28161Mar 6, 2024affected >= 3.0.1, < 3.0.2fixed 3.0.2
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
- CVE-2023-40345Aug 16, 2023affected < 3.0.3fixed 3.0.3
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
- CVE-2023-40344Aug 16, 2023affected < 3.0.3fixed 3.0.3
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2019-10453Oct 16, 2019affected <= 2.0.4
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.