Jenkins Project Jenkins Azure Ad Plugin vulnerabilities
4 known vulnerabilities affecting jenkins_project/jenkins_azure_ad_plugin.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-24426HIGHCVSS 8.8≥ unspecified, ≤ 303.va_91ef20ee49f2023-01-26
CVE-2023-24426 [HIGH] CWE-613 CVE-2023-24426: Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on l
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
cvelistv5nvd
CVE-2021-21679HIGHCVSS 8.8≥ 164.v5b48baa961d2, < unspecified≥ unspecified, ≤ 179.vf6841393099e2021-08-31
CVE-2021-21679 [HIGH] CWE-352 CVE-2021-21679: Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypa
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
cvelistv5nvd
CVE-2020-2119MEDIUMCVSS 5.3≥ unspecified, ≤ 1.1.22020-02-12
CVE-2020-2119 [MEDIUM] CWE-522 CVE-2020-2119: Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
cvelistv5nvd
CVE-2019-10318HIGHCVSS 8.8v0.3.3 and earlier2019-04-30
CVE-2019-10318 [HIGH] CWE-522 CVE-2019-10318: Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
cvelistv5nvd