Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.
History

Thu, 07 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-07-12T15:52:46.885Z

Updated: 2024-11-07T15:02:58.066Z

Reserved: 2023-07-11T09:47:04.493Z

Link: CVE-2023-37943

cve-icon Vulnrichment

Updated: 2024-08-02T17:23:27.749Z

cve-icon NVD

Status : Modified

Published: 2023-07-12T16:15:13.063

Modified: 2024-11-21T08:12:30.647

Link: CVE-2023-37943

cve-icon Redhat

No data.