SWAMP Security Notification: Vulnerability in SWAMP Plug-ins and Library

Dear SWAMP Users,

A MODERATE security vulnerability was discovered that affects the following versions (and earlier) of the SWAMP plug-ins and libraries on shared systems. Users who are not using any of the following plug-ins or libraries are not affected by this vulnerability.


  • swamp-scms-plugin 1.3.4 and earlier
  • swamp-eclipse-plugin 1.1.0 and earlier
  • swamp-jenkins-plugin 1.1.1 and earlier
  • java-cli 1.4.1 and earlier


When a vulnerable version of the software is run on a host by a user, it is possible for an attacker with an account on the same host to impersonate the user’s SWAMP identity and gain access to their SWAMP account. For each successful attack, the attacker will be able to impersonate the user for a maximum time period of two days.


SWAMP users using affected plugins and libraries are recommended to update to the most current versions as soon as possible if they have not done so already. The vulnerability is remediated in the following versions or later:

Please contact SWAMP staff if you have any questions or concerns at support@continuousassurance.org.


Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.