CVE-2019-16561

Summary

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins WebSphere Deployer Pluginunspecified <= 1.6.1affected
Jenkins projectJenkins WebSphere Deployer Pluginnext of 1.6.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References