CVE-2019-10444
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
CVSS 3.1: 4.8 (MEDIUM)
EPSS: 0.04%
Description
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service. Bumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.
How to fix CVE-2019-10444
To remediate CVE-2019-10444, upgrade the affected package to a fixed version below.
- upgrade to 4.1.4 or later
Is CVE-2019-10444 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.1.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.8 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |