3 matches found
com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.6.2) +119 more potentially affected by CVE-2017-1000397 via org.jenkins-ci.main:maven-plugin (>=1.396 <=2.9)
org.jenkins-ci.main:maven-plugin MAVEN version =1.396, =1.0.0, =1.0.0, =1.0.0, =1.0b, =0.9, =0.4.0, =1.2, =1.0.0, =1.7, =0.9, =0.1, =0.33, =1.396, =1.644 and more Source cves: CVE-2017-1000397 Source advisory: OSV:GHSA-QHXW-54M9-6WWC...
CVE-2017-1000397
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient...
CVE-2017-1000397
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient...