PT-2022-15847 · Jenkins · Jenkins Active Directory Plugin+1

Published

2022-01-12

Updated

2023-11-15

CVE-2022-23105

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Active Directory Plugin versions 2.25 and earlier

Description The issue concerns the transmission of data between the Jenkins controller and Active Directory servers, which is not encrypted in most configurations.

Recommendations For Jenkins Active Directory Plugin versions 2.25 and earlier, update to a version that encrypts the transmission of data between the Jenkins controller and Active Directory servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2022-23105

GHSA-C8CC-HJ57-VM65

Affected Products

Jenkins

Jenkins Active Directory Plugin

PT-2022-15847 · Jenkins · Jenkins Active Directory Plugin+1

CVE-2022-23105

Weakness Enumeration

Related Identifiers

Affected Products

References · 9