CVE-2017-2649
HIGH
Jenkins Active Directory < 2.2 - Improper Certificate Validation
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Exploits (2)
nomisec
WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-2649-active-directory-plugin-vulnerable
nomisec
WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-2649-active-directory-plugin-vulnerable
Scores
CVSS v3
8.1
EPSS
0.0005
EPSS Percentile
15.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-295
Status
published
Products (2)
jenkins/active_directory
< 2.2
org.jenkins-ci.plugins/active-directory
0 - 2.3
Maven
Published
Jul 27, 2018
Tracked Since
Feb 18, 2026