Active Directory Plugin up to 2.25 on Jenkins weak encryption

A vulnerability has been discovered in Active Directory Plugin up to 2.25 on Jenkins (Jenkins Plugin). An unknown function is affected. No countermeasures are known. Replacing the vulnerable component with an alternative product is suggested.

| Field | 2022-01-13 07:29 | 2022-01-15 14:39 |
|---|---|---|
| name | Active Directory Plugin | Active Directory Plugin |
| version | <=2.25 | <=2.25 |
| platform | Jenkins | Jenkins |
| cwe | 319 (weak encryption) | 319 (weak encryption) |
| risk | 1 | 1 |
| cvss3_vuldb_ac | H | H |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| url | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389 | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389 |
| cve | CVE-2022-23105 | CVE-2022-23105 |
| cve_assigned | 1641855600 | 1641855600 |
| date | 1642028400 (2022-01-13) | 1642028400 (2022-01-13) |
| type | Jenkins Plugin | Jenkins Plugin |
| cvss2_vuldb_ac | H | H |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 1.4 | 1.4 |
| cvss2_vuldb_tempscore | 1.4 | 1.4 |
| cvss3_vuldb_basescore | 2.6 | 2.6 |
| cvss3_vuldb_tempscore | 2.6 | 2.6 |
| cvss3_meta_basescore | 2.6 | 2.6 |
| cvss3_meta_tempscore | 2.6 | 2.6 |
| price_0day | $0-$5k | $0-$5k |

confirm_url: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389

cve_nvd_summary: Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
