CVE-2026-48918

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

CVE-2026-48916

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

CVE-2026-48919

CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...

CVE-2026-48917

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

CVE-2026-48917

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

EUVD-2026-32507

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

CVE-2026-48916

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

CVE-2026-48916

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

Jenkins plugins Multiple Vulnerabilities (2026-05-27)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross- site scripting XSS vulnerability...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.161-0.b14.el7 (AXSA:2018-2516:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2516:01 advisory. Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the URL references when following referrals. An attacker can manipulate application behavior by configuring a malicious LDAP server and triggering deserialization of untrusted Java objects as an...

CVE-2021-32966

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVE-2021-32966 Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVE-2021-32966 Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

pam_ldap and nss_ldap when used with OpenLDAP and connecting to a slave using TLS does not use TLS for the subsequent connection if the client is referred to a master which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

...

CVE-2018-2633

It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data...

OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)

It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data...

OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)

It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data...