EPSS
Percentile
53.8%
Jenkins Cadence vManager Plugin prior to version 2.7.1 disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This issue is patched in 2.7.1
github.com/jenkinsci/vmanager-plugin
github.com/jenkinsci/vmanager-plugin/commit/639aa135ab57d9e23c5bedeb0a5e9518eb0f486e
jenkins.io/security/advisory/2019-10-16/#SECURITY-1615
nvd.nist.gov/vuln/detail/CVE-2019-10446