CVE-2023-41935
- EPSS 0.07%
- Veröffentlicht 06.09.2023 13:15:10
- Zuletzt bearbeitet 21.11.2024 08:21:57
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to us...
CVE-2023-24426
- EPSS 0.21%
- Veröffentlicht 26.01.2023 21:18:16
- Zuletzt bearbeitet 02.04.2025 14:15:37
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVE-2021-21679
- EPSS 0.03%
- Veröffentlicht 31.08.2021 14:15:25
- Zuletzt bearbeitet 21.11.2024 05:48:49
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
CVE-2020-2119
- EPSS 0.04%
- Veröffentlicht 12.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:24:42
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2019-10318
- EPSS 0.08%
- Veröffentlicht 30.04.2019 13:29:05
- Zuletzt bearbeitet 21.11.2024 04:18:52
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.