CVE-2023-37943
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-37943
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37943.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-37943
- Aliases
- Published
- 2023-07-12T16:15:13Z
- Modified
- 2024-09-03T04:32:34.786950Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.
- References
Affected packages
Git / github.com/jenkinsci/active-directory-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/active-directory-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
active-directory-1.*
active-directory-1.19
active-directory-1.20
active-directory-1.21
active-directory-1.22
active-directory-1.23
active-directory-1.24
active-directory-1.25
active-directory-1.26
active-directory-1.27
active-directory-1.28
active-directory-1.29
active-directory-1.30
active-directory-1.31
active-directory-1.32
active-directory-1.33
active-directory-1.34
active-directory-1.35
active-directory-1.36
active-directory-1.37
active-directory-1.38
active-directory-1.39
active-directory-1.40
active-directory-1.41
active-directory-1.42
active-directory-1.43
active-directory-1.44
active-directory-1.45
active-directory-1.46
active-directory-1.47
active-directory-1.48
active-directory-1.49
active-directory-2.*
active-directory-2.0
active-directory-2.1
active-directory-2.10
active-directory-2.11
active-directory-2.12
active-directory-2.13
active-directory-2.14
active-directory-2.15
active-directory-2.16
active-directory-2.17
active-directory-2.18
active-directory-2.19
active-directory-2.2
active-directory-2.20
active-directory-2.21
active-directory-2.22
active-directory-2.23
active-directory-2.24
active-directory-2.25
active-directory-2.26
active-directory-2.27
active-directory-2.28
active-directory-2.29
active-directory-2.3
active-directory-2.30
active-directory-2.4
active-directory-2.5
active-directory-2.6
active-directory-2.7
active-directory-2.8
active-directory-2.9