QID 996943
Date Published: 2024-01-30
QID 996943: Java (Maven) Security Update for org.jenkins-ci.plugins:active-directory (GHSA-2h95-4xw9-m68j)
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-2h95-4xw9-m68j for updates and patch information.
Vendor References
- GHSA-2h95-4xw9-m68j -
github.com/advisories/GHSA-2h95-4xw9-m68j
CVEs related to QID 996943
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-2h95-4xw9-m68j | org.jenkins-ci.plugins:active-directory |
github.com/advisories/GHSA-2h95-4xw9-m68j |