Jenkins Azure Ad

By the Year

In 2023 there have been 2 vulnerabilities in Jenkins Azure Ad with an average score of 8.2 out of ten. Azure Ad did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year.

Year Vulnerabilities Average Score
2023 2 8.15
2022 0 0.00
2021 1 8.80
2020 1 5.30
2019 1 8.80
2018 0 0.00

It may take a day or so for new Azure Ad vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Azure Ad Security Vulnerabilities

CVE-2023-41935 7.5 - High - September 06, 2023

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.

Incorrect Comparison

CVE-2023-24426 8.8 - High - January 26, 2023

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

Insufficient Session Expiration

CVE-2021-21679 8.8 - High - August 31, 2021

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Session Riding

CVE-2020-2119 5.3 - Medium - February 12, 2020

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Insufficiently Protected Credentials

CVE-2019-10318 8.8 - High - April 30, 2019

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.

Insufficiently Protected Credentials
