Описание
Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | jenkins-plugin-swarm | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-300
https://bugzilla.redhat.com/show_bug.cgi?id=1501815jenkins-pugin-swarm: Swarm Plugin Client bundled vulnerable version of the commons-httpclient library (SECURITY-597)
4.8 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.9
nvd
около 8 лет назад
Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
CVSS3: 5.9
github
больше 3 лет назад
Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks
4.8 Medium
CVSS3