CVE-2017-2649

Опубликовано: 27 июл. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

Ссылки

http://www.securityfocus.com/bid/96986
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2017-03-20/
Vendor Advisory
http://www.securityfocus.com/bid/96986
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2017-03-20/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:active_directory:*:*:*:*:*:jenkins:*:*

Версия до 2.2 (включая)

EPSS

Процентиль: 16%

0.00052

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-vcgj-j8c5-2h52