CVE-2017-2649

Severity
8.1 HIGH
EPSS
0.0%
top 84.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 27
Latest update: May 13

Description

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

🔴Vulnerability Details

3
OSV
Jenkins Active Directory Plugin did not verify certificate of AD server (2022-05-13)
GHSA
Jenkins Active Directory Plugin did not verify certificate of AD server (2022-05-13)
CVEList
CVE-2017-2649: It was found that the Active Directory Plugin for Jenkins up to and including version 2 (2018-07-27)

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2017-03-20 (2017-03-20)

💬Community

1
Bugzilla
CVE-2017-7549 instack-undercloud: uses hardcoded /tmp paths (2017-08-02)