CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...
CVE-2026-48919
CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...
PT-2026-44011
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2022-23105
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations...
EUVD-2022-0561
Malicious code in bioql PyPI...
EUVD-2023-2055
Malicious code in bioql PyPI...
EUVD-2022-5159
Malicious code in bioql PyPI...
EUVD-2022-3291
Malicious code in bioql PyPI...
EUVD-2022-5340
Malicious code in bioql PyPI...
CVE-2020-2300
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server...
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password...
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...
CVE-2020-2301
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode...
Information Disclosure
Jenkins Active Directory Plugin is vulnerable to Information Disclosure. The vulnerability exists because it ignores the "Require TLS" and "StartTls" options and performs the connection test unencrypted, which allows an attacker to gain access to sensitive information in the system...
CVE-2023-37943
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active Directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Activ...
CVE-2023-2484
The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. Optionally, to reduce lookup time, a cache can be configured to remember user lookups and user authentications. In Active Directory Plugin prior to 2.20 and 2.16.1,...
Improper Authentication in Jenkins Active Directory Plugin
Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The LDAP-based mode in Active Directory Plugin starting in version 1.44 and prior to versions 2.16.1 and 2.20 shares code between user lookup and user authenticatio...
GHSA-RF92-3VJR-W628 Improper Authentication in Jenkins Active Directory Plugin
Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The LDAP-based mode in Active Directory Plugin starting in version 1.44 and prior to versions 2.16.1 and 2.20 shares code between user lookup and user authenticatio...
Jenkins Active Directory Plugin Improper certificate validation with StartTLS
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/activedirectory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/activedirectory/ActiveDirectorySecurityRealm.java,...