Red Hat Security Advisory 2013-0700-01 - Jenkins is a continuous integration server. It was found that all SSL certificate checking was disabled by default in the Apache Maven Wagon plug-in of Jenkins. This would make it easy for an attacker to perform man-in-the-middle attacks. Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to this updated package, which corrects this issue.
2e1474d74bdc6d15346e98b54cdf58c4ef035856653a88200746b02f047d94db
Apache Maven version 3.0.4 (with Apache Maven Wagon version 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.
54b8a3c9c72b613700cbc8a0df15bda1fc8bf0236fd7a3b9243695817a44ea7f