Main Vulnerability Database Vulnerabilities #VU59591

#VU59591 Cleartext transmission of sensitive information in Active Directory - CVE-2022-23105

Published: January 13, 2022

Vulnerability identifier: #VU59591

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-23105

CWE-ID: CWE-319

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Active Directory

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected plugin does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2022-01-12/

#VU59591 Cleartext transmission of sensitive information in Active Directory - CVE-2022-23105

Description

Remediation

External links

Please verify you're human