CVE-2017-1000396 in Jenkinsthông tin

Tóm tắt

Bởi MITRE

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Đặt trước

29/11/2017

Tiết lộ

25/01/2018

Kiểm duyệt

được chấp nhận

EPSS

0.00497

KEV

không

Các hoạt động

rất thấp

Nguồn

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!