CVE-2022-23105: Cleartext Transmission of Sensitive Information

January 13, 2022 (updated November 29, 2022)

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

References

www.openwall.com/lists/oss-security/2022/01/12/6
github.com/advisories/GHSA-c8cc-hj57-vm65
nvd.nist.gov/vuln/detail/CVE-2022-23105
www.jenkins.io/security/advisory/2022-01-12/

Detect and mitigate CVE-2022-23105 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →