CVE-2017-1000396 in Jenkins信息

摘要

由 MITRE

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

来源

Want to stay up to date on a daily basis?

Enable the mail alert feature now!