CVE-2017-2649

EPSS 1.0%CWE-295

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

Affected products

Jenkins project · Active Directory Jenkins plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jenkins.io/security/advisory/2017-03-20/http://www.securityfocus.com/bid/96986