Description
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Remediation
References
https://jenkins.io/security/advisory/2017-03-20/
http://www.securityfocus.com/bid/96986