Jenkins: >> Active Directory >> 2.20 Security Vulnerabilities
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-07-12
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-01-12