GHSA-c8cc-hj57-vm65

Suggest an improvement
Source
https://github.com/advisories/GHSA-c8cc-hj57-vm65
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-c8cc-hj57-vm65/GHSA-c8cc-hj57-vm65.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c8cc-hj57-vm65
Aliases
Published
2022-01-13T00:00:55Z
Modified
2024-02-16T08:10:40.995161Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Details

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

References

Affected packages

Maven / org.jenkins-ci.plugins:active-directory

Package

Name
org.jenkins-ci.plugins:active-directory
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/active-directory

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.25.1

Affected versions

1.*

1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.30
1.31
1.32
1.33
1.34
1.35
1.36
1.37
1.38
1.39
1.41
1.42
1.43
1.44
1.45
1.46
1.47
1.48
1.49

2.*

2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.16.1
2.17
2.18
2.19
2.20
2.22
2.23
2.23.1
2.24
2.24.1
2.25