CVE-2014-3577 log

Source
Severity Medium
Remote Yes
Type Certificate verification bypass
Description
Jenkins 2.314 and earlier bundles a version of the commons-httpclient library with the vulnerability CVE-2014-3577 that incorrectly verified SSL/TLS certificates, making it susceptible to man-in-the-middle attacks.
Group Package Affected Fixed Severity Status Ticket
AVG-2448 jenkins 2.314-1 2.315-1 Medium Fixed
References
https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2475