SWAMP Security Notification: Vulnerability in SWAMP Plug-ins and Library

Dear SWAMP Users,

A MODERATE security vulnerability was discovered that affects the following versions (and earlier) of the SWAMP plug-ins and libraries on shared systems. Users who are not using any of the following plug-ins or libraries are not affected by this vulnerability.

IMPACTED VERSIONS

  • swamp-scms-plugin 1.3.4 and earlier
  • swamp-eclipse-plugin 1.1.0 and earlier
  • swamp-jenkins-plugin 1.1.1 and earlier
  • java-cli 1.4.1 and earlier

WHAT IS THE VULNERABILITY

When a vulnerable version of the software is run on a host by a user, it is possible for an attacker with an account on the same host to impersonate the user’s SWAMP identity and gain access to their SWAMP account. For each successful attack, the attacker will be able to impersonate the user for a maximum time period of two days.

WHAT YOU SHOULD DO

SWAMP users running affected plug-ins and libraries should update to the most current versions as soon as possible if they have not already done so. The vulnerability is remediated in the following versions or later:

If you have any questions or concerns, please contact SWAMP staff at support@continuousassurance.org.
