Jenkins Azure Ad

Do you want an email whenever new security vulnerabilities are reported in Jenkins Azure Ad?

By the Year

In 2023 there have been 1 vulnerability in Jenkins Azure Ad with an average score of 8.8 out of ten. Azure Ad did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.

Year	Vulnerabilities	Average Score
2023	1	8.80
2022	0	0.00
2021	1	8.80
2020	1	5.30
2019	1	8.80
2018	0	0.00

It may take a day or so for new Azure Ad vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Azure Ad Security Vulnerabilities

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

CVE-2023-24426 8.8 - High - January 26, 2023

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

Insufficient Session Expiration

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs

CVE-2021-21679 8.8 - High - August 31, 2021

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form

CVE-2020-2119 5.3 - Medium - February 12, 2020

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Insufficiently Protected Credentials

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.

CVE-2019-10318 8.8 - High - April 30, 2019

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.

Credentials Management Errors

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Azure Ad or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Azure Ad
Product

By the Year

Recent Jenkins Azure Ad Security Vulnerabilities

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. CVE-2023-24426 8.8 - High - January 26, 2023

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs CVE-2021-21679 8.8 - High - August 31, 2021

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form CVE-2020-2119 5.3 - Medium - February 12, 2020

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. CVE-2019-10318 8.8 - High - April 30, 2019