GHSA-qhxw-54m9-6wwc

Source

https://github.com/advisories/GHSA-qhxw-54m9-6wwc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qhxw-54m9-6wwc/GHSA-qhxw-54m9-6wwc.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qhxw-54m9-6wwc

Aliases

CVE-2017-1000397

Published

2022-05-14T03:45:43Z

Modified

2024-02-22T05:24:29.734597Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

MitM on Jenkins Maven Plugin

Details

Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "nvd_published_at": "2018-01-26T02:29:00Z",
    "github_reviewed_at": "2023-12-21T23:12:58Z",
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.main:maven-plugin

Package

Name: org.jenkins-ci.main:maven-plugin; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/maven-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0

Affected versions

1.*

1.396

1.397

1.398

1.399

1.400

1.401

1.403

1.404

1.405

1.406

1.407

1.408

1.409

1.409.1

1.409.2

1.409.3

1.410

1.411

1.412

1.413

1.414

1.415

1.416

1.417

1.418

1.419

1.420

1.421

1.422

1.423

1.424

1.424.1

1.424.2

1.424.3

1.424.4

1.424.5

1.424.6

1.425

1.426

1.427

1.428

1.429

1.430

1.431

1.432

1.433

1.434

1.435

1.436

1.437

1.438

1.439

1.440

1.441

1.442

1.443

1.444

1.445

1.446

1.447

1.447.1

1.447.2

1.448

1.449

1.450

1.451

1.452

1.453

1.454

1.455

1.456

1.457

1.458

1.459

1.460

1.461

1.462

1.463

1.464

1.465

1.466

1.466.1

1.466.2

1.467

1.468

1.469

1.470

1.471

1.472

1.473

1.474

1.475

1.476

1.477

1.478

1.479

1.480

1.480.1

1.480.2

1.480.3

1.481

1.482

1.483

1.484

1.485

1.486

1.487

1.488

1.489

1.490

1.491

1.492

1.493

1.494

1.495

1.496

1.497

1.498

1.499

1.500

1.501

1.502

1.503

1.504

1.505

1.506

1.507

1.508

1.509

1.509.1

1.509.2

1.509.2.JENKINS-8856-diag

1.509.2.JENKINS-14362-jzlib

1.509.3

1.509.3.JENKINS-14362-jzlib

1.509.4

1.510

1.511

1.512

1.513

1.514

1.515

1.516

1.516.JENKINS-14362-jzlib

1.517

1.518

1.518.JENKINS-14362-jzlib

1.519

1.520

1.521

1.522

1.523

1.524

1.525

1.526

1.527

1.528

1.529

1.530

1.531

1.532

1.533

1.534

2.*

2.0-beta-1

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.7.1

2.8

2.9

2.10

2.11

2.12

2.12.1

2.13

2.14

2.15

2.15.1

2.16

2.17

3.*

3.0-rc1

3.0-rc2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qhxw-54m9-6wwc/GHSA-qhxw-54m9-6wwc.json"