CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
50.6%
Jenkins Active Directory Plugin is vulnerable to Information Disclosure. The vulnerability exists when it ignores the “Require TLS” and “StartTls” options and performs connection test without unencrypted which allows an attacker to gain access to sensitive information in the system.