GHSA-xmqv-pfw7-qmj7

GitHub Security Advisory

Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation

GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application.

CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment for the specific connection.

This issue was caused by an incomplete fix for [SECURITY-937](https://www.jenkins.io/security/advisory/2019-02-19/#SECURITY-937).

Affected Packages

Maven org.jenkins-ci.plugins:electricflow
Affected versions: 0 (fixed in 1.1.7)

Key Information

GHSA ID: GHSA-xmqv-pfw7-qmj7
Published: May 24, 2022 4:47 PM
Last Modified: October 26, 2023 10:18 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:electricflow
GitHub Reviewed: Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.