CVE-2022-28142: 
Java vulnerability analysis and mitigation

Jenkins Proxmox Plugin 0.6.0 and earlier contains a security vulnerability related to SSL/TLS certificate validation. The vulnerability was discovered and disclosed on March 29, 2022, affecting the Jenkins Proxmox Plugin versions up to and including 0.6.0. This vulnerability is tracked as CVE-2022-28142 (Jenkins Advisory, CVE Mitre).

The vulnerability occurs when the plugin is configured to ignore SSL/TLS issues, which results in disabling SSL/TLS certificate validation globally for the entire Jenkins controller Java Virtual Machine (JVM). This configuration affects the security of all SSL/TLS connections made by the Jenkins controller, not just those related to the Proxmox Plugin. The vulnerability has been assigned a Medium severity CVSS rating (Jenkins Advisory).

When exploited, this vulnerability compromises the security of all SSL/TLS connections made by the Jenkins controller, potentially exposing the system to man-in-the-middle attacks and other SSL/TLS-related security issues. The global nature of the certificate validation disable means that it affects not just the Proxmox Plugin's connections, but all SSL/TLS connections made by the Jenkins controller (Jenkins Advisory).

The vulnerability was fixed in Proxmox Plugin version 0.7.0, which no longer disables SSL/TLS certificate validation for the entire Jenkins controller JVM. Users are advised to upgrade to version 0.7.0 or later to address this security issue (Jenkins Advisory).