CVE-2020-2299
published 2020-11-04CVE-2020-2299: Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory | <= 2.19 | — |
| jenkins | active_directory_plugin | — | — |
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | authentication_cache_in_active_directory_plugin | — | — |
| jenkins | aws_global_configuration_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | findbugs_plugin | — | — |
| jenkins | ids_in_azure_key_vault_plugin | — | — |
| jenkins | jenkins-ci_plugin | — | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | mail_commander_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | sqlplus_script_runner_plugin | — | — |
| jenkins | static_analysis_utilities_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | visualworks_store_plugin | — | — |
| jenkins | vmware_lab_manager_slaves_plugin | — | — |
| jenkins_project | jenkins_active_directory_plugin | >= 1.44 < unspecified | unspecified |
| jenkins_project | jenkins_active_directory_plugin | unspecified – 2.19 | — |