Jenkins Insufficient Verification of Data Authenticity Vulnerability - CVE-2015-7539
Reference:
CVE-2015-7539
Title:
Jenkins Insufficient Verification of Data Authenticity Vulnerability
Overview:
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.