Description
Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS certificate validation and hostname verification for connections to HP ALM.
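The class of defect described above, sketched in Java as an added example. This is not the plugin's code; the class name, method names and the host `alm.example.invalid` are constructed for illustration. `openUnverified` shows the usual shape of unconditionally disabled certificate and hostname checks, and `openVerified` shows the form that keeps the JVM defaults.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TlsVerificationExample {
    // Defect shape: a trust manager whose checks never throw accepts any certificate chain.
    static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    } };
    // Defect shape: a verifier that returns true accepts a certificate issued for any host.
    static final HostnameVerifier ANY_HOST = (hostname, session) -> true;

    // Vulnerable form: both checks are switched off for every connection, with no option.
    static HttpsURLConnection openUnverified(URL url) throws IOException, GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, TRUST_ALL, null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setHostnameVerifier(ANY_HOST);
        return conn;
    }

    // Hardened form: leave the JVM defaults in place (trust store validation plus
    // hostname matching); a private CA belongs in the trust store, not in a bypass.
    static HttpsURLConnection openVerified(URL url) throws IOException {
        return (HttpsURLConnection) url.openConnection();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder host; openConnection() does not touch the network.
        URL url = URI.create("https://alm.example.invalid/").toURL();
        HttpsURLConnection bad = openUnverified(url);
        HttpsURLConnection good = openVerified(url);
        System.out.println("unverified uses accept-all verifier: "
                + (bad.getHostnameVerifier() == ANY_HOST));
        System.out.println("verified keeps default verifier: "
                + (good.getHostnameVerifier() == HttpsURLConnection.getDefaultHostnameVerifier()));
    }
}
```

When reviewing other code for the same defect, the two markers to look for are an `X509TrustManager` with empty check methods and a `HostnameVerifier` that always returns `true`.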
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481
Related Vulnerabilities
CVE-2010-2227 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-2211 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:kubernetes-ci
CVE-2022-41242 Vulnerability in maven package org.jenkins-ci.plugins:extreme-feedback
CVE-2019-10448 Vulnerability in maven package jenkins.xtc:extensivetesting
CVE-2018-1000106 Vulnerability in maven package org.jenkins-ci.plugins:gerrit-trigger