Jenkins Azure Ad

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Azure Ad. Last year Azure Ad had 2 security vulnerabilities published. Right now, Azure Ad is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 2 8.15
2022 0 0.00
2021 1 8.80
2020 1 5.30
2019 1 8.80
2018 0 0.00

It may take a day or so for new Azure Ad vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Azure Ad Security Vulnerabilities

CVE-2023-41935 7.5 - High - September 06, 2023

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.

Incorrect Comparison

CVE-2023-24426 8.8 - High - January 26, 2023

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

Insufficient Session Expiration

CVE-2021-21679 8.8 - High - August 31, 2021

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Session Riding

CVE-2020-2119 5.3 - Medium - February 12, 2020

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Insufficiently Protected Credentials

CVE-2019-10318 8.8 - High - April 30, 2019

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.

Insufficiently Protected Credentials
