Количество 2
Количество 2
CVE-2023-37943
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.
GHSA-g8c3-6fj2-87w7
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-37943 Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials. | CVSS3: 5.9 | 0% Низкий | больше 2 лет назад |
| GHSA-g8c3-6fj2-87w7 Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure | CVSS3: 5.9 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу