| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:delphix | maven | = 3.0.1 | 3.0.2 |

The vulnerability stems from two key elements:

1. The `DctSdkUtil` constructor contained a conditional that disabled SSL verification when the global config flag was false, which made the default state insecure.
2. The configuration system defined `sslCheck` as an opt-in security measure rather than an opt-out one.

The commit diff shows the logic inversion in `DctSdkUtil.java` and documentation changes clarifying the 'disable validation' semantics, confirming these functions' roles in the vulnerability.
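
The opt-in versus opt-out default described above, sketched as an added example. This is not the plugin's code: `GlobalConfig`, `disableSslValidation`, and all method names are hypothetical, and only the `sslCheck` flag name comes from the advisory.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;

public class SslDefaultDemo {
    // Hypothetical stand-in for the plugin's global configuration.
    static class GlobalConfig {
        boolean sslCheck;             // opt-in flag: an untouched config leaves it false
        boolean disableSslValidation; // opt-out flag (assumed name): untouched means false
    }

    // Accepts any certificate chain; this is what "verification disabled" amounts to.
    static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    } };

    // Builds the TLS context a client would use for outbound calls.
    static SSLContext context(boolean verify) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers => JDK default trust store with full chain validation
        ctx.init(null, verify ? null : TRUST_ALL, null);
        return ctx;
    }

    // Vulnerable pattern: certificates are checked only if an admin opted in.
    static boolean verifiesOptIn(GlobalConfig cfg) { return cfg.sslCheck; }

    // Fixed pattern: certificates are checked unless an admin explicitly opted out.
    static boolean verifiesOptOut(GlobalConfig cfg) { return !cfg.disableSslValidation; }

    public static void main(String[] args) throws GeneralSecurityException {
        GlobalConfig fresh = new GlobalConfig(); // never configured, as after install
        System.out.println("opt-in default verifies:  " + verifiesOptIn(fresh));
        System.out.println("opt-out default verifies: " + verifiesOptOut(fresh));

        // With the fixed semantics, an unconfigured instance gets a validating context.
        SSLContext ctx = context(verifiesOptOut(fresh));
        System.out.println("context built for protocol: " + ctx.getProtocol());
    }
}
```

Because a Java `boolean` field defaults to `false`, the meaning chosen for the flag decides whether an unconfigured installation validates certificates.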