Note:
This project will be discontinued after December 13, 2021. [more]
2018-01-26
Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Products | Swarm |
Type | Improper Input Validation (CWE-20) |
First patch | - None (likely due to unavailable code) |
Links | https://jenkins.io/security/advisory/2017-10-11/ |