Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-37943 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

Description

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/07/12/2

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3059

Related Vulnerabilities

CVE-2019-5484 Vulnerability in npm package bower

CVE-2019-16564 Vulnerability in maven package com.paul8620.jenkins.plugins:pipeline-aggregator-view

CVE-2022-41930 Vulnerability in maven package org.xwiki.platform:xwiki-platform-user-profile-ui

CVE-2020-5398 Vulnerability in maven package org.springframework:spring-web

CVE-2021-37712 Vulnerability in npm package tar

Severity

Medium

Classification

CWE-311 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory