Date: Sat, 18 Nov 2017 08:23:48 +0100
From: Daniel Beck <ml@...kweb.net>
To: oss-security@...ts.openwall.com
Subject: Re: Multiple vulnerabilities in Jenkins plugins

> On 11. Oct 2017, at 18:25, Daniel Beck <ml@...kweb.net> wrote:
>
> SECURITY-557
> Maven Plugin bundled a version of the commons-httpclient library with the
> vulnerability CVE-2012-6153 that incorrectly verified SSL certificates,
> making it susceptible to man-in-the-middle attacks.

CVE-2017-1000397

> SECURITY-597
> Swarm Plugin Client bundled a version of the commons-httpclient library
> with the vulnerability CVE-2012-6153 that incorrectly verified SSL
> certificates, making it susceptible to man-in-the-middle attacks.

CVE-2017-1000402

> SECURITY-623
> Speaks! Plugin allows users with Job/Configure permission to run arbitrary
> Groovy code inside the Jenkins JVM, effectively elevating privileges to
> Overall/Run Scripts.

CVE-2017-1000403