The root cause lies in how the SSL validation setting was stored and applied. Before the patch, the `DctSdkUtil` constructor set SSL verification only according to a configuration flag that was not dynamically reloaded. The `sslCheck` property of `DelphixGlobalConfiguration` had inverted semantics (a positively framed flag that actually disabled validation), and a change from the disabled to the enabled state required a restart to take effect. The patch renamed the property to `disableSsl` and removed the conditional logic, binding the configuration state directly to the verification behavior so that no restart is required.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:delphix | maven | >= 3.0.1, < 3.1.1 | 3.1.1 |
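
The root cause described above can be reproduced in miniature. This is an added example, not the plugin's code: it assumes a long-lived client object whose verification flag is only ever changed inside a conditional, and every class and method name in it is hypothetical.

```java
// Added illustration; all names are hypothetical and are not taken from
// the Delphix plugin or its SDK.
public class SslToggleDemo {

    /** Stand-in for a long-lived HTTP client that outlives config changes. */
    static class SharedClient {
        private boolean verifyingSsl = true; // secure default
        void setVerifyingSsl(boolean v) { verifyingSsl = v; }
        boolean isVerifyingSsl() { return verifyingSsl; }
    }

    static final SharedClient CLIENT = new SharedClient();

    /** Conditional pattern: the setting can only ever turn verification off. */
    static void applyConditional(boolean disableSsl) {
        if (disableSsl) {
            CLIENT.setVerifyingSsl(false);
        }
        // No else branch: once disabled, the client stays disabled
        // until the process (and the client object) is recreated.
    }

    /** Direct binding: the client always mirrors the current setting. */
    static void applyDirect(boolean disableSsl) {
        CLIENT.setVerifyingSsl(!disableSsl);
    }

    public static void main(String[] args) {
        // An administrator disables validation, then re-enables it.
        applyConditional(true);
        applyConditional(false);
        System.out.println("conditional, after re-enable: verifying="
                + CLIENT.isVerifyingSsl());

        CLIENT.setVerifyingSsl(true); // reset state for the second run
        applyDirect(true);
        applyDirect(false);
        System.out.println("direct, after re-enable: verifying="
                + CLIENT.isVerifyingSsl());

        // The same check works as a regression test for the setting.
        if (!CLIENT.isVerifyingSsl()) {
            throw new IllegalStateException("validation should be back on");
        }
    }
}
```

Run with `java SslToggleDemo.java`; the two printed lines show whether re-enabling validation actually reached the client under each pattern.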