CVE-2017-2649 – org.jenkins-ci.plugins:active-directory
Package
Manager: maven
Name: org.jenkins-ci.plugins:active-directory
Vulnerable Version: >=0 <2.3
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00052 (percentile: 0.15864)
Details
Jenkins Active Directory Plugin did not verify certificate of AD server
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Metadata
Created: 2022-05-13T01:36:52Z
Modified: 2024-01-30T22:46:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vcgj-j8c5-2h52/GHSA-vcgj-j8c5-2h52.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-vcgj-j8c5-2h52
Finding: F163
Auto approve: 1