Lucene search
GoogleOSV:GHSA-2H95-4XW9-M68JHistoryMay 13, 2022 - 1:31 a.m.
Jenkins Active Directory Plugin Improper certificate validation with StartTLS
2022-05-1301:31:35
Google
osv.dev
5
jenkins
active directory
plugin
certificate validation
starttls
impersonation
authentication
vulnerability
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.
Related
cve
cve
CVE-2019-1003009
2019-02-06 16:29:00
prion
prion
Input validation
2019-02-06 16:29:00
osv
osv
CVE-2019-1003009
2019-02-06 16:29:00
cvelist
cvelist
CVE-2019-1003009
2019-02-06 16:00:00
nvd
nvd
CVE-2019-1003009
2019-02-06 16:29:00
github
github