CVE-2020-2299

Severity

9.8CRITICAL

EPSS

0.2%

top 58.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 4

Latest updateMay 24

Description

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

GHSA

Improper Authentication in Jenkins Active Directory Plugin↗2022-05-24

▶

OSV

Improper Authentication in Jenkins Active Directory Plugin↗2022-05-24

▶

CVEList

CVE-2020-2299: Jenkins Active Directory Plugin 2↗2020-11-04

▶

Jenkins

Jenkins Security Advisory 2020-11-04↗2020-11-04

▶