We found results for “”
CVE-2022-23105
Good to know:
Date: January 12, 2022
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Cleartext Transmission of Sensitive Information
CWE-319Top Fix
Upgrade Version
Upgrade to version active-directory-2.23.1,active-directory-2.24.1,active-directory-2.25.1
CVSS v3
Base Score: |
|
---|---|
Attack Vector (AV): | |
Attack Complexity (AC): | |
Privileges Required (PR): | |
User Interaction (UI): | |
Scope (S): | |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | |
Access Complexity (AC): | |
Authentication (AU): | |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |