The vulnerability (CWE-297) explicitly describes missing hostname validation during TLS connections. In Java applications, this typically occurs when the code configures an HTTP client (e.g., Apache HttpClient, `HttpsURLConnection`) with a permissive `HostnameVerifier` (e.g., `ALLOW_ALL_HOSTNAME_VERIFIER`) or skips hostname checks entirely. The exact function names and file paths are unavailable without source code, but the vulnerability pattern strongly indicates insecure SSL/TLS configuration logic in the connection setup code.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:view26 | maven | <= 1.0.7 | |
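
The permissive-verifier pattern described above, shown beside its hardened form using only the JDK's `javax.net.ssl` API. This is an added example, not code from the view26 plugin (whose source is not shown here); the class name, helper names and the `example.invalid` URL are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class HostnameCheckExample {

    // Vulnerable pattern (CWE-297): HttpsURLConnection calls the verifier only when the
    // certificate does not match the URL host, so returning true approves every mismatch.
    static final HostnameVerifier ALLOW_ALL = (hostname, session) -> true;

    // Insecure setup: a trusted certificate issued for any other host is accepted.
    static HttpsURLConnection openInsecure(URL url) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(ALLOW_ALL);
        return conn;
    }

    // Hardened setup: no custom verifier is installed, so the JDK's built-in
    // hostname check stays in force and its default callback rejects mismatches.
    static HttpsURLConnection openHardened(URL url) throws IOException {
        return (HttpsURLConnection) url.openConnection();
    }

    // Raw SSLSocket/SSLEngine users get no hostname check unless they request one.
    static SSLParameters hardenedSocketParameters() throws Exception {
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        return params;
    }

    // Audit helper (hypothetical): a verifier that approves a mismatched name
    // without even inspecting a session is treated as permissive.
    static boolean isPermissive(HostnameVerifier verifier) {
        try { return verifier.verify("mismatch.invalid", null); }
        catch (RuntimeException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        URL url = URI.create("https://example.invalid/").toURL(); // constructed, never contacted
        System.out.println("insecure permissive: " + isPermissive(openInsecure(url).getHostnameVerifier()));
        System.out.println("hardened permissive: " + isPermissive(openHardened(url).getHostnameVerifier()));
        System.out.println("socket endpoint id:  " + hardenedSocketParameters().getEndpointIdentificationAlgorithm());
    }
}
```

The same `isPermissive` probe can be applied in a unit test to whatever verifier a connection factory installs, which catches an allow-all verifier before it ships.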