Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins active directory vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to log in as any user if a magic constant is used as the password.
Jenkins Active Directory
668
VMScore
CVE-2020-2300
Jenkins Active Directory Plugin 2.19 and previous versions does not prohibit the use of an empty password in Windows/ADSI mode, which allows malicious users to log in to Jenkins as any user depending on the configuration of the Active Directory server.
Jenkins Active Directory
668
VMScore
CVE-2020-2301
Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Jenkins Active Directory
605
VMScore
CVE-2017-2649
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Jenkins Active Directory
516
VMScore
CVE-2019-1003009
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and previous versions in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/...
Jenkins Active Directory
383
VMScore
CVE-2020-2303
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and previous versions allows malicious users to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credenti...
Jenkins Active Directory
356
VMScore
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and previous versions allows attackers with Overall/Read permission to access the domain health check diagnostic page.
Jenkins Active Directory
259
VMScore
CVE-2022-23105
Jenkins Active Directory Plugin 2.25 and previous versions does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
Jenkins Active Directory
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2023-37943
Jenkins Active Directory Plugin 2.30 and previous versions ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controll...
Jenkins Active Directory
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »