CVE Vulnerabilities

CVE-2022-23105

Cleartext Transmission of Sensitive Information

Published: Jan 12, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
2.9 LOW
AV:A/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name Vendor Start Version End Version
Active_directory Jenkins * 2.25 (including)

Potential Mitigations

References