Skip to main content

Azure Ad

5 CVEs product

Monthly

CVE-2023-41935 Maven HIGH PATCH This Week

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Microsoft Azure Ad
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-24426 Maven HIGH This Week

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Microsoft Azure Ad
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-21679 Maven HIGH PATCH This Week

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Jenkins Azure Ad
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2119 Maven MEDIUM PATCH This Month

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Jenkins Information Disclosure Azure Ad
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-10318 Maven HIGH PATCH This Week

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure Azure Ad
NVD
CVSS 3.1
8.8
EPSS
1.8%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Jenkins +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy