Описание
Jenkins Active Directory Plugin did not verify certificate of AD server
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Пакеты
Наименование
org.jenkins-ci.plugins:active-directory
maven
Затронутые версииВерсия исправления
<= 2.2
2.3
Связанные уязвимости
CVSS3: 8.1
nvd
больше 7 лет назад
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.