CVE-2017-2649

CVE-2017-2649

Vendor Jenkins Project
Product Active Directory Jenkins plugin
Weakness CWE-295
Published July 27, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

Key dates

02Disclosure timeline

July 27, 2018 CVE published
September 16, 2024 Record updated