CVE-2017-2649: Improper Certificate Validation

May 13, 2022 (updated January 30, 2024)

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 does not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

References

www.securityfocus.com/bid/96986
github.com/advisories/GHSA-vcgj-j8c5-2h52
jenkins.io/security/advisory/2017-03-20/
nvd.nist.gov/vuln/detail/CVE-2017-2649

Detect and mitigate CVE-2017-2649 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →