org.jenkins-ci.plugins:active-directory (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins:active-directory, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2020-2300 — CVSS 9.8 (critical): Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows…
CVE-2020-2301 — CVSS 9.8 (critical): Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication…
CVE-2020-2299 — CVSS 9.8 (critical): Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
CVE-2017-2649 — CVSS 8.1 (high): It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active…
CVE-2019-1003009 — CVSS 7.4 (high): An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/…
CVE-2022-23105 — CVSS 6.5 (medium): Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active…
CVE-2023-37943 — CVSS 5.9 (medium): Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test…
CVE-2020-2302 — CVSS 4.3 (medium): A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the…
CVE-2020-2303 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform…