(RHSA-2013:0700) Moderate: jenkins security update

2013-04-02T04:00:00
ID RHSA-2013:0700
Type redhat
Reporter RedHat
Modified 2018-06-09T14:17:09

Description

Jenkins is a continuous integration server.

It was found that all SSL certificate checking was disabled by default in the Apache Maven Wagon plug-in of Jenkins. This would make it easy for an attacker to perform man-in-the-middle attacks. (CVE-2013-0253)

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to this updated package, which corrects this issue.