GHSA-vcgj-j8c5-2h52, CVE-2017-2649
maven/org.jenkins-ci.plugins/active-directory
Improper Certificate Validation
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 does not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
All versions up to 2.2
Upgrade to version 2.3 or above.
2024-01-31
source |