An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2019-01-28/#SECURITY-859 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2022-10-03T16:19:42
Updated: 2023-10-24T16:44:40.612Z
Reserved: 2022-10-03T00:00:00
Link: CVE-2019-1003009
JSON object: View
NVD Information
Status : Modified
Published: 2019-02-06T16:29:00.530
Modified: 2023-10-25T18:16:01.657
Link: CVE-2019-1003009
JSON object: View
Redhat Information
No data.
CWE