CVE-2017-2649

CVSS v3.0 8.1 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.12 % (47^th)

Affected Products 1

Advisories 1

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

Weaknesses

CWE-295: Improper Certificate Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2018-07-27 20:29:00
(6 years ago)
Updated Date: 2019-10-09 23:27:01
(5 years ago)

Affected Products

Jenkins

Active Directory

Configuration #1

		CPE23	From	Up To
	Jenkins Active Directory for Jenkins 2.2 and prior versions	cpe:2.3:a:jenkins:active_directory::::::jenkins		<= 2.2