Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe

Filtered by product Active Directory

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-2299	1 Jenkins	1 Active Directory	2020-11-10	7.5 HIGH	9.8 CRITICAL
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
CVE-2020-2301	1 Jenkins	1 Active Directory	2020-11-09	7.5 HIGH	9.8 CRITICAL
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
CVE-2020-2300	1 Jenkins	1 Active Directory	2020-11-09	7.5 HIGH	9.8 CRITICAL
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.