Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 1:4 a.m.3 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1929 more potentially affected by CVE-2017-1000396 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.7)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2017-1000396 Source advisory: OSV:GHSA-FQ9F-9WV9-RFMG...

5.9CVSS6.5AI score0.00497EPSS
Exploits0
OSV
OSV
added 2018/01/26 2:29 a.m.30 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

5.9CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2018/01/26 2:0 a.m.112 views

CVE-2017-1000396

CVE-2017-1000396 affects Jenkins 2.73.1 and earlier (up to 2.83) via a bundled commons-httpclient where CVE-2012-6153 allowed MITM due to improper SSL hostname verification. The vulnerability is conveyed through transitive dependencies in plugins. The fix for CVE-2012-6153 was backported to the c...

5.9CVSS5.9AI score0.00497EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2017/11/21 11:21 a.m.27 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

5.9CVSS2.8AI score0.05844EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/11/07 12:0 a.m.28 views

Jenkins Multiple Vulnerabilities (Oct 2017) - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

9CVSS6AI score0.05844EPSS
Exploits0References1
Rows per page
Query Builder