4 matches found
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password...
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password...
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password...
CVE-2020-2299
CVE-2020-2299 affects Jenkins Active Directory Plugin versions 1.44–2.19 and certain older ranges, where the LDAP-based mode distinguishes user lookup from authentication by using a magic constant as the password due to shared code paths. This allows an attacker to log in as any user when the mag...