Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Max CVSS: 9.8
EPSS Score: 0.22%
Published: 2020-11-04
Updated: 2023-10-25
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.
Max CVSS: 9.8
EPSS Score: 0.24%
Published: 2020-11-04
Updated: 2023-10-25
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
Max CVSS: 9.8
EPSS Score: 0.24%
Published: 2020-11-04
Updated: 2023-10-25
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Max CVSS: 8.1
EPSS Score: 0.12%
Published: 2018-07-27
Updated: 2019-10-09
4 vulnerabilities found