The Plugins Manager in Jenkins prior to 1.640 and LTS prior to 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
Vulnerable Product |
---|
jenkins jenkins |
redhat openshift 2.0 |
redhat openshift 3.1 |