CVE-2017-2649

Improper Certificate Validation in maven/org.jenkins-ci.plugins/active-directory

Identifiers

GHSA-vcgj-j8c5-2h52, CVE-2017-2649

Package Slug

maven/org.jenkins-ci.plugins/active-directory

Vulnerability

Improper Certificate Validation

Description

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 does not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

Affected Versions

All versions up to 2.2

Solution

Upgrade to version 2.3 or above.

Last Modified

2024-01-31

source