CVE-2017-1000396 in Jenkinsinformazioni

Riassunto

di MITRE

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Fonti

Do you need the next level of professionalism?

Upgrade your account now!