Active Directory Plugin до 2.25 на Jenkins слабое шифрование

Поле	13.01.2022 07:29	15.01.2022 14:39
name	Active Directory Plugin	Active Directory Plugin
version	<=2.25	<=2.25
platform	Jenkins	Jenkins
cwe	319 (слабое шифрование)	319 (слабое шифрование)
risk	1	1
cvss3_vuldb_ac	H	H
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	N	N
cvss3_vuldb_a	N	N
cvss3_vuldb_rc	C	C
url	https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389	https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389
cve	CVE-2022-23105	CVE-2022-23105
cve_assigned	1641855600	1641855600
date	1642028400 (13.01.2022)	1642028400 (13.01.2022)
type	Jenkins Plugin	Jenkins Plugin
cvss2_vuldb_ac	H	H
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	N	N
cvss2_vuldb_ai	N	N
cvss2_vuldb_rc	C	C
cvss2_vuldb_av	A	A
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_av	A	A
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss2_vuldb_basescore	1.4	1.4
cvss2_vuldb_tempscore	1.4	1.4
cvss3_vuldb_basescore	2.6	2.6
cvss3_vuldb_tempscore	2.6	2.6
cvss3_meta_basescore	2.6	2.6
cvss3_meta_tempscore	2.6	2.6
price_0day	$0-$5k	$0-$5k
confirm_url		https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389
cve_nvd_summary		Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

Want to stay up to date on a daily basis?

Enable the mail alert feature now!