Jenkins Azure Ad
By the Year
In 2023 there have been 2 vulnerabilities in Jenkins Azure Ad with an average score of 8.2 out of ten. Azure Ad did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 2 | 8.15 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 5.30 |
| 2019 | 1 | 8.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Azure Ad vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Azure Ad Security Vulnerabilities
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially
CVE-2023-41935
7.5 - High
- September 06, 2023
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
Incorrect Comparison
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVE-2023-24426
8.8 - High
- January 26, 2023
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
Insufficient Session Expiration
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs
CVE-2021-21679
8.8 - High
- August 31, 2021
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Session Riding
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form
CVE-2020-2119
5.3 - Medium
- February 12, 2020
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Insufficiently Protected Credentials
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
CVE-2019-10318
8.8 - High
- April 30, 2019
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Azure Ad or by Jenkins? Click the Watch button to subscribe.
