Описание
MitM on Jenkins Maven Plugin
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.
Пакеты
Наименование
org.jenkins-ci.main:maven-plugin
maven
Затронутые версииВерсия исправления
< 3.0
3.0
Связанные уязвимости
CVSS3: 5.9
nvd
около 8 лет назад
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.