Jenkins vSphere Plugin: SSL/TLS Certificate Validation Bypass Vulnerability

Jenkins vSphere Plugin: SSL/TLS Certificate Validation Bypass Vulnerability

CVE-2018-1000151 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.

Learn more about our Web Application Penetration Testing UK.