Jenkins » Active Directory : Security Vulnerabilities, CVEs, CVSS score >= 8
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Max CVSS: 9.8
EPSS Score: 0.22%
Published: 2020-11-04
Updated: 2023-10-25
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.
Max CVSS: 9.8
EPSS Score: 0.24%
Published: 2020-11-04
Updated: 2023-10-25
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
Max CVSS: 9.8
EPSS Score: 0.24%
Published: 2020-11-04
Updated: 2023-10-25
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Max CVSS: 8.1
EPSS Score: 0.12%
Published: 2018-07-27
Updated: 2019-10-09
4 vulnerabilities found