CVE-2019-1003009

Summary

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Active Directory Plugin2.10 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References