Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xaHh3LTU0bTktNnd3Y84AAXcQ

MitM on Jenkins Maven Plugin

Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.

Permalink: https://github.com/advisories/GHSA-qhxw-54m9-6wwc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xaHh3LTU0bTktNnd3Y84AAXcQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 5 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-qhxw-54m9-6wwc, CVE-2017-1000397
References:
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.main:maven-plugin
Affected Version Ranges: < 3.0
Fixed in: 3.0