Steven Christou

Name of the Vulnerable Software and Affected Versions: Active Directory Plugin for Jenkins versions up to and including 2.2 Description: The issue allows for Man-in-the-Middle attacks due to the lack of certificate verification of the Active Directory server. Recommendations: For versions up to and including 2.2, update to a version that verifies certificates of the Active Directory server to prevent Man-in-the-Middle attacks.

**Name of the Vulnerable Software and Affected Versions** Jenkins Git Client Plugin version 2.4.2 and earlier **Description** The issue results in information disclosure due to the creation of a temporary file with insecure permissions. **Recommendations** For Jenkins Git Client Plugin version 2.4.2 and earlier, update to a version later than 2.4.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Parameterized Trigger Plugin (affected versions not specified) **Description** The issue arises from the Parameterized Trigger Plugin's failure to check the build authentication it was running as, allowing it to trigger any other project in Jenkins. This could potentially lead to unauthorized access and execution of projects. The plugin has been adapted to check for Item/Build permission before triggering a downstream build. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.