4 matches found
org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2187 via org.jenkins-ci.plugins:ec2 (=1.19)
org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2187 Source advisory:...
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
CVE-2020-2187
The CVE-2020-2187 issue affects Jenkins Amazon EC2 Plugin (versions 1.50.1 and earlier). The root cause is that the plugin unconditionally accepts self-signed HTTPS certificates and does not perform hostname validation when connecting to Windows agents, enabling man-in-the-middle attacks. Impact ...