How severe is CVE-2019-1003009?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-1003009?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2019-1003009 - HIGH Severity | CVSS 7.4

Vulnerability Description

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.

Related Vulnerabilities

CVE-2012-0955

HIGH

CVSS:7.4(High)

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under py...

CWE-2952012

CVE-2012-5817

HIGH

CVSS:7.4(High)

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) ...

CWE-2952012

CVE-2012-5819

HIGH

CVSS:7.4(High)

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker...

CWE-2952012

CVE-2012-5822

HIGH

CVSS:7.4(High)

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-...

CWE-2952012

CVE-2013-7201

HIGH

CVSS:7.4(High)

WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

CWE-2952013

CVE-2014-1266

HIGH

CVSS:7.4(High)

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6,...

CWE-2952014