Category Archives: Plug-ins

SWAMP Plug-Ins Updates

Updates are now available for the following SWAMP plug-ins:

If a user tries to submit an assessment with a tool that they do not have permission to use, the assessment is not submitted and an error is reported to the user.

SWAMP plug-ins can be found in the Jenkins and Eclipse marketplaces and on GitHub: https://github.com/mirswamp.

SWAMP Plug-Ins Updates

Updates are now available for the following pieces of SWAMP open-source software!

  • Java-CLI version 1.5.3
  • SWAMP-Jenkins-Plugin version 1.2.2
  • SWAMP-Eclipse-Plugin version 1.1.3

These updates address a cookie expiration issue that affected plug-ins used with SWAMP-in-a-Box instances whose system clock was not set to the current time.

SWAMP plug-ins can be found in the Jenkins and Eclipse marketplaces and on GitHub: https://github.com/mirswamp.

SWAMP Security Notification: Vulnerability in SWAMP Plug-ins and Library

Dear SWAMP Users,

A MODERATE security vulnerability was discovered that affects the following versions (and earlier) of the SWAMP plug-ins and libraries on shared systems. Users who are not using any of the following plug-ins or libraries are not affected by this vulnerability.

IMPACTED VERSIONS

  • swamp-scms-plugin 1.3.4 and earlier
  • swamp-eclipse-plugin 1.1.0 and earlier
  • swamp-jenkins-plugin 1.1.1 and earlier
  • java-cli 1.4.1 and earlier

WHAT IS THE VULNERABILITY

When a vulnerable version of the software is run on a host by a user, it is possible for an attacker with an account on the same host to impersonate the user’s SWAMP identity and gain access to their SWAMP account. For each successful attack, the attacker will be able to impersonate the user for a maximum time period of two days.

WHAT YOU SHOULD DO

SWAMP users running affected plug-ins and libraries are advised to update to the most current versions as soon as possible if they have not done so already. The vulnerability is remediated in the following versions or later:

If you have any questions or concerns, please contact SWAMP staff at support@continuousassurance.org.

SWAMP SCMS Plug-In Update

A new version of the SWAMP plug-in for source code management with git and Subversion is available on GitHub!

Version 1.3.4 of the swamp-scms-plugin allows assessment of web projects, supports future SWAMP platforms, and provides support for using a proxy to communicate with SWAMP. In addition, some query commands were added to make it easier to find values for the config file.