GHSA-qhxw-54m9-6wwc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qhxw-54m9-6wwc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qhxw-54m9-6wwc/GHSA-qhxw-54m9-6wwc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qhxw-54m9-6wwc
- Aliases
- Published
- 2022-05-14T03:45:43Z
- Modified
- 2024-02-22T05:33:37.731519Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- MitM on Jenkins Maven Plugin
- Details
-
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.
- Database specific
{ "nvd_published_at": "2018-01-26T02:29:00Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-21T23:12:58Z" }- References
Affected packages
Maven / org.jenkins-ci.main:maven-plugin
Package
- Name
- org.jenkins-ci.main:maven-plugin
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/maven-plugin
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0
Affected versions
1.*
1.396
1.397
1.398
1.399
1.400
1.401
1.403
1.404
1.405
1.406
1.407
1.408
1.409
1.409.1
1.409.2
1.409.3
1.410
1.411
1.412
1.413
1.414
1.415
1.416
1.417
1.418
1.419
1.420
1.421
1.422
1.423
1.424
1.424.1
1.424.2
1.424.3
1.424.4
1.424.5
1.424.6
1.425
1.426
1.427
1.428
1.429
1.430
1.431
1.432
1.433
1.434
1.435
1.436
1.437
1.438
1.439
1.440
1.441
1.442
1.443
1.444
1.445
1.446
1.447
1.447.1
1.447.2
1.448
1.449
1.450
1.451
1.452
1.453
1.454
1.455
1.456
1.457
1.458
1.459
1.460
1.461
1.462
1.463
1.464
1.465
1.466
1.466.1
1.466.2
1.467
1.468
1.469
1.470
1.471
1.472
1.473
1.474
1.475
1.476
1.477
1.478
1.479
1.480
1.480.1
1.480.2
1.480.3
1.481
1.482
1.483
1.484
1.485
1.486
1.487
1.488
1.489
1.490
1.491
1.492
1.493
1.494
1.495
1.496
1.497
1.498
1.499
1.500
1.501
1.502
1.503
1.504
1.505
1.506
1.507
1.508
1.509
1.509.1
1.509.2
1.509.2.JENKINS-8856-diag
1.509.2.JENKINS-14362-jzlib
1.509.3
1.509.3.JENKINS-14362-jzlib
1.509.4
1.510
1.511
1.512
1.513
1.514
1.515
1.516
1.516.JENKINS-14362-jzlib
1.517
1.518
1.518.JENKINS-14362-jzlib
1.519
1.520
1.521
1.522
1.523
1.524
1.525
1.526
1.527
1.528
1.529
1.530
1.531
1.532
1.533
1.534
2.*
2.0-beta-1
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.7.1
2.8
2.9
2.10
2.11
2.12
2.12.1
2.13
2.14
2.15
2.15.1
2.16
2.17
3.*
3.0-rc1
3.0-rc2