Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Active_directory | Jenkins | * | 2.25 (including) |