PT-2026-55147 · Maven · Org.Jenkins-Ci.Plugins:Active-Directory

Published

2026-05-27

·

Updated

2026-05-27

CVSS v3.1

6.6

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals from the configured Active Directory server by default. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution (RCE) on the Jenkins controller if deserialization "gadgets" are available on the classpath.
This allows attackers able to control the configured Active Directory server, or able to perform a machine-in-the-middle attack, to execute code on the Jenkins controller.
Active Directory Plugin 2.41.1 no longer follows LDAP referrals by default.
Administrators unable to update to a fixed version can start Jenkins with the Java system property hudson.plugins.active directory.referral.ignore set to true to mitigate the vulnerability.
Administrators of Jenkins controllers requiring following LDAP referrals can set the Java system property hudson.plugins.active directory.referral.ignore to false to restore the previous behavior.
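The advisory gives two facts a defender has to combine when triaging a controller: the plugin version boundary (2.41 and earlier affected, 2.41.1 fixed) and the system property that overrides the default in either direction. The following is an added triage helper, not code from the plugin or from the advisory; it assumes the version string comes from the Jenkins plugin manager and the JVM arguments from the controller's process command line (both constructed inline here), and it uses the property name from the advisory, hudson.plugins.active_directory.referral.ignore, with the underscore of the plugin's Java package name.

```python
"""Triage helper for the Active Directory plugin LDAP-referral advisory.

Added example; not the plugin's or the advisory's own code. Inputs are
constructed: a plugin version string and a JVM argument string.
"""
from __future__ import annotations

import re

# Advisory: 2.41 and earlier follow referrals by default; 2.41.1 does not.
FIXED_VERSION = (2, 41, 1)
# System property named in the advisory (underscore as in the plugin's package name).
PROPERTY = "hudson.plugins.active_directory.referral.ignore"

# Constructed sample command line of a controller started with the mitigation.
SAMPLE_JVM_ARGS = (
    "-Xmx2g -Dhudson.plugins.active_directory.referral.ignore=true -jar jenkins.war"
)


def parse_version(v: str) -> tuple[int, ...]:
    """'2.41' -> (2, 41); '2.41.1' -> (2, 41, 1). Trailing qualifiers are dropped."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_vulnerable_version(v: str) -> bool:
    """True for 2.41 and every earlier release; tuple comparison makes 2.41 < 2.41.1."""
    return parse_version(v) < FIXED_VERSION


def referral_ignore_setting(jvm_args: str) -> bool | None:
    """True/False if -D<PROPERTY>=... is present on the command line, None if absent."""
    m = re.search(rf"-D{re.escape(PROPERTY)}=(\S+)", jvm_args)
    if not m:
        return None
    return m.group(1).strip("\"'").lower() == "true"


def assess(version: str, jvm_args: str) -> str:
    """Combine version and property into one of: vulnerable, mitigated, fixed, exposed."""
    setting = referral_ignore_setting(jvm_args)
    if is_vulnerable_version(version):
        # Unfixed release: only an explicit ignore=true changes the default.
        return "mitigated" if setting is True else "vulnerable"
    # Fixed release: only an explicit ignore=false restores the old behaviour.
    return "exposed" if setting is False else "fixed"


if __name__ == "__main__":
    for ver, args in [
        ("2.41", "-jar jenkins.war"),
        ("2.41", SAMPLE_JVM_ARGS),
        ("2.41.1", "-jar jenkins.war"),
        ("2.41.1", f"-D{PROPERTY}=false -jar jenkins.war"),
    ]:
        print(f"{ver:8} {assess(ver, args)}")
```

The version check is the part worth getting right: a naive string comparison or a two-component parse treats 2.41 and 2.41.1 as equal, whereas tuple comparison orders the shorter prefix first, which matches the advisory's boundary exactly.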

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

GHSA-P2GW-F3RV-82MW

Affected products

Org.Jenkins-Ci.Plugins:Active-Directory