Improper Certificate Validation Affecting rg.jenkins-ci.plugins:active-directory package, versions [,2.11)


0.0
high

Snyk CVSS

    Attack Complexity High
    Confidentiality High
    Integrity High

    Threat Intelligence

    EPSS 0.1% (41st percentile)
Expand this section
NVD
7.4 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-RGJENKINSCIPLUGINS-173672
  • published 6 Feb 2019
  • disclosed 28 Jan 2019
  • credit Unknown

How to fix?

Upgrade rg.jenkins-ci.plugins:active-directory to version 2.11 or higher.

Overview

rg.jenkins-ci.plugins:active-directory is a Next Generation Warnings plugin which collects compiler warnings or issues reported by static analysis tools and visualizes the results.

Affected versions of this package are vulnerable to Improper Certificate Validation. An attacker could impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.