org.jenkins-ci.main:jenkins-parent@2.170-SNAPSHOT: LGPL-2.1 license
Created by: armorcodegithubqa[bot]
Component Details
- Vulnerable Package: org.samba.jcifs:jcifs
- Current Version: 1.3.17-kohsuke-1
- Vulnerable Version(s): >[0,)
- Vulnerable Path: >org.jenkins-ci.main:jenkins-parent@2.170-SNAPSHOT,org.jenkins-ci.main:jenkins-core@2.170-SNAPSHOT,org.kohsuke.jinterop:j-interop@2.0.6-kohsuke-1,org.kohsuke.jinterop:j-interopdeps@2.0.6-kohsuke-1,org.samba.jcifs:jcifs@1.3.17-kohsuke-1>
LGPL-2.1 license
- Vulnerable Version(s): >[0,)
- Vulnerable Path: >org.jenkins-ci.main:jenkins-parent@2.170-SNAPSHOT,org.jenkins-ci.main:jenkins-war@2.170-SNAPSHOT,org.jenkins-ci.main:jenkins-core@2.170-SNAPSHOT,org.kohsuke.jinterop:j-interop@2.0.6-kohsuke-1,org.kohsuke.jinterop:j-interopdeps@2.0.6-kohsuke-1,org.samba.jcifs:jcifs@1.3.17-kohsuke-1>
LGPL-2.1 license
File Path: jenkins-parent > org.jenkins-ci.main:0
Mitigation: ## Remediation
Upgrade org.springframework:spring-webmvc to version 4.3.15, 5.0.5 or higher.
https://qa.armorcode.ai/#/findings/4859294
Knowledge Base: Man in the Middle (MITM) Attack:https://qa.armorcode.ai/#/knowledgeBase/45