Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389
http://www.openwall.com/lists/oss-security/2022/01/12/6
Source: Mitre, NVD
Published: 2022-01-12
Updated: 2024-11-21
Base Score: 2.9
Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N
Severity: Low
Base Score: 6.5
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: Medium