It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-27T20:00:00Z

Updated: 2024-09-16T19:51:23.494Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2649

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-27T20:29:00.453

Modified: 2024-11-21T03:23:54.467

Link: CVE-2017-2649

cve-icon Redhat

No data.