2 matches found
CVE-2020-2300
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server...
CVE-2020-2300
CVE-2020-2300 affects Jenkins Active Directory Plugin ≥2.19 and earlier. In Windows/ADSI mode the plugin does not prohibit empty passwords, enabling unauthorized logins to Jenkins depending on Active Directory server configuration. Mitigation: upgrade to version 2.20 or 2.16.1 which prohibit empt...