Active Directory Security Vulnerabilities and Issues — Active Directory CVE List

Lucene search

JenkinsActive Directory

5 matches found

CVE•added 2020/11/04 3:15 p.m.•66 views

CVE-2020-2301

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.

9.8CVSS9.5AI score0.00181EPSS

CVE•added 2020/11/04 3:15 p.m.•59 views

CVE-2020-2302

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.

4.3CVSS4.4AI score0.00031EPSS

CVE•added 2020/11/04 3:15 p.m.•57 views

CVE-2020-2299

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.

9.8CVSS9.3AI score0.00191EPSS

CVE•added 2020/11/04 3:15 p.m.•54 views

CVE-2020-2300

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.

9.8CVSS9.4AI score0.00191EPSS

CVE•added 2020/11/04 3:15 p.m.•52 views

CVE-2020-2303

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.

4.3CVSS4.6AI score0.02526EPSS