9 results (0.007 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials. • http://www.openwall.com/lists/oss-security/2023/07/12/2 https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3059 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. El plugin Jenkins Active Directory versiones 2.25 y anteriores, no cifran la transmisión de datos entre el controlador Jenkins y los servidores de Active Directory en la mayoría de las configuraciones • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Active Directory Plugin versiones 2.19 y anteriores, permite a atacantes llevar a cabo pruebas de conexión y conectarse a servidores de Active Directory especificados por el atacante o configurados previamente usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2020/11/04/6 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2126 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. Jenkins Active Directory Plugin versiones 2.19 y anteriores, permite a atacantes iniciar sesión como cualquier usuario con cualquier contraseña mientras una autenticación con éxito de ese usuario todavía está en la caché opcional cuando se usa el modo Windows/ADSI • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2123 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. Una falta de comprobación de permisos en Jenkins Active Directory Plugin versiones 2.19 y anteriores, permite a atacantes con permiso Overall/Read acceder a la página domain health check diagnostic • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1999 • CWE-862: Missing Authorization •