From a1e6d4d19afc71051b30a59306cc3f1c36c2ae0a Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Sat, 16 Mar 2019 13:35:54 -0500
Subject: [PATCH] Update note about staging payloads over HTTPS

---
 modules/exploits/multi/http/jenkins_metaprogramming.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/jenkins_metaprogramming.rb b/modules/exploits/multi/http/jenkins_metaprogramming.rb
index 07cbfbef05..27ab60c9c3 100644
--- a/modules/exploits/multi/http/jenkins_metaprogramming.rb
+++ b/modules/exploits/multi/http/jenkins_metaprogramming.rb
@@ -114,7 +114,7 @@ class MetasploitModule < Msf::Exploit::Remote
       fail_with(Failure::NotVulnerable, 'Set ForceExploit to override')
     end
 
-    # NOTE: Staging payloads over HTTPS doesn't work (yet?)
+    # NOTE: Jenkins/Groovy/Ivy uses HTTP unconditionally, so we can't use HTTPS
     # HACK: Both HttpClient and HttpServer use datastore['SSL']
     ssl = datastore['SSL']
     datastore['SSL'] = false