Every CVE whose affected-product data names Jenkins Azure Ad, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2019-10318 — CVSS 8.8 (high): Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins…
CVE-2021-21679 — CVSS 8.8 (high): Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target…
CVE-2023-24426 — CVSS 8.8 (high): Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVE-2023-41935 — CVSS 7.5 (high): Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when…
CVE-2020-2119 — CVSS 5.3 (medium): Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form…
CVE-2026-42525 — CVSS 4.3 (medium): Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login…