*** This bug is a security vulnerability *** Private security bug reported:
urllib2 does not do any verification of TLS by default and so python- jenkins is vulnerable to MITM attacks. The most common solution to this is to switch to http://docs.python- requests.org/en/latest/ which does this verification by default. ** Affects: python-jenkins Importance: Undecided Status: New -- You received this bug notification because you are a member of Python Jenkins Developers, which is subscribed to Python Jenkins. https://bugs.launchpad.net/bugs/1363189 Title: Does not validate TLS certificates allowing trivial MITM. Status in Python API for Jenkins: New Bug description: urllib2 does not do any verification of TLS by default and so python- jenkins is vulnerable to MITM attacks. The most common solution to this is to switch to http://docs.python- requests.org/en/latest/ which does this verification by default. To manage notifications about this bug go to: https://bugs.launchpad.net/python-jenkins/+bug/1363189/+subscriptions -- Mailing list: https://launchpad.net/~python-jenkins-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~python-jenkins-developers More help : https://help.launchpad.net/ListHelp
