High severityNVD Advisory· Published Feb 6, 2019· Updated Sep 16, 2024
CVE-2019-1003009
CVE-2019-1003009
Description
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:active-directoryMaven | < 2.11 | 2.11 |
Affected products
2- Range: 2.10 and earlier
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-2h95-4xw9-m68jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-1003009ghsaADVISORY
- github.com/jenkinsci/active-directory-plugin/commit/520faf5bb1078d75e5fed10b7bf5ac6241fe2fc4ghsaWEB
- jenkins.io/security/advisory/2019-01-28/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.