CVE-2022-23105

CWE-319Cleartext Transmission5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 98.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Active Directory PluginJenkins Active Directory
Timeline
PublishedJan 12
Latest updateJan 13

Description

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_active_directory_pluginunspecified2.25

🔴Vulnerability Details

3
GHSA
User passwords transmitted in plain text by Jenkins Active Directory Plugin2022-01-13
OSV
User passwords transmitted in plain text by Jenkins Active Directory Plugin2022-01-13
CVEList
CVE-2022-23105: Jenkins Active Directory Plugin 22022-01-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-01-122022-01-12
CVE-2022-23105 (MEDIUM CVSS 6.5) | Jenkins Active Directory Plugin 2.2 | cvebase.io