search

jfrog / jenkins-artifactory-plugin

Jenkins artifactory plugin
http://jenkins-ci.org/
114 stars 187 forks source link

[🐸 Frogbot] Update version of org.bouncycastle:bcpkix-jdk18on to 1.78 #938

Open github-actions[bot] opened 4 months ago

github-actions[bot] commented 4 months ago
[![🚨 This automated pull request was created by Frogbot and fixes the below:](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/vulnerabilitiesFixBannerPR.png)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

📦 Vulnerable Dependencies

✍️ Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | CVES | | :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | | ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/notApplicableMedium.png)
Medium | Not Applicable | org.mock-server:mockserver-netty:5.14.0 | org.bouncycastle:bcpkix-jdk18on 1.77 | [1.78] | CVE-2024-30171 |

🔬 Research Details

Description: An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

[🐸 JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)