Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jenkins Subscribe
Filtered by product Azure Ad
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24426 1 Jenkins 1 Azure Ad 2023-02-03 N/A 8.8 HIGH
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVE-2021-21679 1 Jenkins 1 Azure Ad 2022-10-25 6.8 MEDIUM 8.8 HIGH
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
CVE-2019-10318 1 Jenkins 1 Azure Ad 2020-10-02 4.0 MEDIUM 8.8 HIGH
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
CVE-2020-2119 1 Jenkins 1 Azure Ad 2020-02-14 5.0 MEDIUM 5.3 MEDIUM
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.