Jenkins bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. External References: https://jenkins.io/security/advisory/2017-10-11/
Created jenkins tracking bugs for this issue: Affects: openshift-1 [bug 1501973]
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1558858]
Openshift is now using Jenkins version 2.83.2. Marking both Online and Enterprise as not affected.