Jenkins Active Directory — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Active Directory, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-2299 — CVSS 9.8 (critical): Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
CVE-2020-2300 — CVSS 9.8 (critical): Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows…
CVE-2020-2301 — CVSS 9.8 (critical): Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication…
CVE-2017-2649 — CVSS 8.1 (high): It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active…
CVE-2019-1003009 — CVSS 7.4 (high): An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/…
CVE-2026-48919 — CVSS 6.6 (medium): Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2022-23105 — CVSS 6.5 (medium): Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active…
CVE-2023-37943 — CVSS 5.9 (medium): Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test…
CVE-2020-2303 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform…
CVE-2020-2302 — CVSS 4.3 (medium): A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the…
CVE-2026-57288 — CVSS 3.7 (low): Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows…