How severe is CVE-2023-37943?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-37943?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2023-37943

MEDIUM Year: 2023

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-311

View all →

Vulnerability Description

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.

CVE-2016-10597

MEDIUM

CVSS:5.9(Medium)

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10613

MEDIUM

CVSS:5.9(Medium)

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10630

MEDIUM

CVSS:5.9(Medium)

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2017-16041

MEDIUM

CVSS:5.9(Medium)

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112017

CVE-2017-6297

MEDIUM

CVSS:5.9(Medium)

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain ...

CWE-3112017

CVE-2017-9045

MEDIUM

CVSS:5.9(Medium)

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof F...

CWE-3112017

CVE-2023-37943

Vulnerability Description

Related Vulnerabilities

CVE-2016-10597

CVE-2016-10613

CVE-2016-10630

CVE-2017-16041

CVE-2017-6297

CVE-2017-9045