CVE-2017-1000396 in Jenkinsالمعلومات

الملخص

بحسب MITRE

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

29/11/2017

إفشاء

25/01/2018

الاعتدال

تمت الموافقة

إدخال

VDB-112465

EPSS

0.00497

KEV

لا

النشاطات

منخفض جدًا

المصادر

Interested in the pricing of exploits?

See the underground prices here!