Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-2h95-4xw9-m68j

GitHub Security Advisory

Jenkins Active Directory Plugin Improper certificate validation with StartTLS

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.

Affected Packages

Maven org.jenkins-ci.plugins:active-directory
Affected versions: 0 (fixed in 2.11)

Related CVEs

CVE-2019-1003009

Key Information

GHSA ID
GHSA-2h95-4xw9-m68j
Published
May 13, 2022 1:31 AM
Last Modified
January 9, 2024 5:59 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:active-directory
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.