Data Transmission Vulnerability in Jenkins Active Directory Plugin by CloudBees
CVE-2022-23105

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Active Directory Plugin
Vendor: CVE Published:; 12 January 2022

Summary

The Jenkins Active Directory Plugin versions 2.25 and earlier are impacted by a vulnerability that allows unencrypted transmission of data between the Jenkins controller and Active Directory servers. This lack of encryption can expose sensitive information during the communication process, putting user data at risk. It is essential for users of this plugin to take the necessary steps to mitigate this exposure by applying the latest security updates and configurations.

Affected Version(s)

Jenkins Active Directory Plugin <= 2.25

Jenkins Active Directory Plugin 2.23.1

Jenkins Active Directory Plugin 2.24.1

References

https://www.jenkins.io/security/advisory/2022-01-12/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/01/12/6

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Jan 11, 2022