Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins active directory vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2019-1003009
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and previous versions in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/...
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to log in as any user if a magic constant is used as the password.
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2301
Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2300
Jenkins Active Directory Plugin 2.19 and previous versions does not prohibit the use of an empty password in Windows/ADSI mode, which allows malicious users to log in to Jenkins as any user depending on the configuration of the Active Directory server.
Jenkins Active Directory
4.3
CVSSv3
CVE-2020-2303
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credenti...
Jenkins Active Directory
5.9
CVSSv3
CVE-2023-37943
Jenkins Active Directory Plugin 2.30 and previous versions ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controll...
Jenkins Active Directory
4.3
CVSSv3
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and previous versions allows attackers with Overall/Read permission to access the domain health check diagnostic page.
Jenkins Active Directory
6.5
CVSSv3
CVE-2022-23105
Jenkins Active Directory Plugin 2.25 and previous versions does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
Jenkins Active Directory
8.1
CVSSv3
CVE-2017-2649
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Jenkins Active Directory
5.9
CVSSv3
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current set...
Haxx Libcurl
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Netapp Active Iq Unified Manager -
Netapp Ontap 9 -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »