Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins active directory vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to log in as any user if a magic constant is used as the password.
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2300
Jenkins Active Directory Plugin 2.19 and previous versions does not prohibit the use of an empty password in Windows/ADSI mode, which allows malicious users to log in to Jenkins as any user depending on the configuration of the Active Directory server.
Jenkins Active Directory
7.4
CVSSv3
CVE-2019-1003009
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and previous versions in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/...
Jenkins Active Directory
5.9
CVSSv3
CVE-2023-37943
Jenkins Active Directory Plugin 2.30 and previous versions ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controll...
Jenkins Active Directory
8.1
CVSSv3
CVE-2017-2649
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2301
Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Jenkins Active Directory
4.3
CVSSv3
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and previous versions allows attackers with Overall/Read permission to access the domain health check diagnostic page.
Jenkins Active Directory
4.3
CVSSv3
CVE-2020-2303
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credenti...
Jenkins Active Directory
6.5
CVSSv3
CVE-2022-23105
Jenkins Active Directory Plugin 2.25 and previous versions does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
Jenkins Active Directory
9.8
CVSSv3
CVE-2022-22978
In spring security versions before 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable...
Vmware Spring Security
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Active Iq Unified Manager -
29 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »