Improper Certificate Validation Affecting rg.jenkins-ci.plugins:active-directory package, versions [,2.11)
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Integrity
High
Threat Intelligence
EPSS
0.1% (41st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-RGJENKINSCIPLUGINS-173672
- published 6 Feb 2019
- disclosed 28 Jan 2019
- credit Unknown
Introduced: 28 Jan 2019
CVE-2019-1003009 Open this link in a new tabHow to fix?
Upgrade rg.jenkins-ci.plugins:active-directory
to version 2.11 or higher.
Overview
rg.jenkins-ci.plugins:active-directory is a Next Generation Warnings plugin which collects compiler warnings or issues reported by static analysis tools and visualizes the results.
Affected versions of this package are vulnerable to Improper Certificate Validation. An attacker could impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS
.