Unencrypted Transmission of Data in Jenkins Active Directory Plugin

Unencrypted Transmission of Data in Jenkins Active Directory Plugin

CVE-2022-23105 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

Learn more about our Cis Benchmark Audit For Server Software.