pkg:maven/org.jenkins-ci.plugins/active-directory
Type
maven
Namespace
org.jenkins-ci.plugins
Name
active-directory
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/active-directory package.
Critical
4
High
5
Moderate
4
Medium
3
Low
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | <= 2.25 |
CVE-2022-23105
|
 JENKINS:SECURITY-1389
|
User passwords transmitted in plain text by `active-directory` | medium |
2022-01-12T00:00:00
(2 years ago) |
|
| Fixed | = 2.25.1 |
CVE-2022-23105
|
JENKINS:SECURITY-1389
|
User passwords transmitted in plain text by `active-directory` | medium |
2022-01-12T00:00:00
(2 years ago) |
|
| Affected | <= 2.19 |
CVE-2020-2302
|
JENKINS:SECURITY-1999
|
Missing permission check in `active-directory` allows accessing domain health check page | medium |
2020-11-04T00:00:00
(3 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2302
|
JENKINS:SECURITY-1999
|
Missing permission check in `active-directory` allows accessing domain health check page | medium |
2020-11-04T00:00:00
(3 years ago) |
|
| Affected | <= 2.19 |
CVE-2020-2300
|
JENKINS:SECURITY-2099
|
Login allowed with empty password by `active-directory` | high |
2020-11-04T00:00:00
(3 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2300
|
JENKINS:SECURITY-2099
|
Login allowed with empty password by `active-directory` | high |
2020-11-04T00:00:00
(3 years ago) |
|
| Affected | <= 2.19 |
CVE-2020-2299
|
JENKINS:SECURITY-2117
|
Login allowed with hardcoded password by `active-directory` | critical |
2020-11-04T00:00:00
(3 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2299
|
JENKINS:SECURITY-2117
|
Login allowed with hardcoded password by `active-directory` | critical |
2020-11-04T00:00:00
(3 years ago) |
|
| Affected | <= 2.19 |
CVE-2020-2301
|
JENKINS:SECURITY-2123
|
Authentication cache in `active-directory` allows logging in with any password | high |
2020-11-04T00:00:00
(3 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2301
|
JENKINS:SECURITY-2123
|
Authentication cache in `active-directory` allows logging in with any password | high |
2020-11-04T00:00:00
(3 years ago) |
|
| Affected | <= 2.19 |
CVE-2020-2303
|
JENKINS:SECURITY-2126
|
CSRF vulnerability in `active-directory` | medium |
2020-11-04T00:00:00
(3 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2303
|
JENKINS:SECURITY-2126
|
CSRF vulnerability in `active-directory` | medium |
2020-11-04T00:00:00
(3 years ago) |
|
| Affected | <= 2.30 |
CVE-2023-37943
|
JENKINS:SECURITY-3059
|
Password transmitted in plain text by `active-directory` | low |
2023-07-12T00:00:00
(14 months ago) |
|
| Fixed | = 2.30.1 |
CVE-2023-37943
|
JENKINS:SECURITY-3059
|
Password transmitted in plain text by `active-directory` | low |
2023-07-12T00:00:00
(14 months ago) |
|
| Affected | <= 2.10 |
CVE-2019-1003009
|
JENKINS:SECURITY-859
|
Improper certificate validation with StartTLS in Active Directory Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
| Fixed | = 2.11 |
CVE-2019-1003009
|
JENKINS:SECURITY-859
|
Improper certificate validation with StartTLS in Active Directory Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
| Affected | <= 2.10 |
CVE-2019-1003009
|
 MAVEN:GHSA-2H95-4XW9-M68J
|
Jenkins Active Directory Plugin Improper certificate validation with StartTLS | high |
2022-05-13T01:31:35
(2 years ago) |
|
| Fixed | = 2.11 |
CVE-2019-1003009
|
MAVEN:GHSA-2H95-4XW9-M68J
|
Jenkins Active Directory Plugin Improper certificate validation with StartTLS | high |
2022-05-13T01:31:35
(2 years ago) |
|
| Affected | < 2.20 |
CVE-2020-2303
|
MAVEN:GHSA-2WF5-4MF7-VMH3
|
CSRF vulnerability in Jenkins Active Directory Plugin | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2303
|
MAVEN:GHSA-2WF5-4MF7-VMH3
|
CSRF vulnerability in Jenkins Active Directory Plugin | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
| Affected | < 2.16.1 >= 2.17, < 2.20 |
CVE-2020-2300
|
MAVEN:GHSA-8WCW-CW2F-H4G2
|
Improper Authentication (empty password) in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
| Fixed | = 2.16.1 = 2.20 |
CVE-2020-2300
|
MAVEN:GHSA-8WCW-CW2F-H4G2
|
Improper Authentication (empty password) in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
| Affected | < 2.16.1 >= 2.17, < 2.20 |
CVE-2020-2301
|
MAVEN:GHSA-954F-XW44-56R2
|
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | critical |
2022-05-24T17:33:07
(2 years ago) |
|
| Fixed | = 2.16.1 = 2.20 |
CVE-2020-2301
|
MAVEN:GHSA-954F-XW44-56R2
|
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | critical |
2022-05-24T17:33:07
(2 years ago) |
|
| Affected | < 2.25.1 |
CVE-2022-23105
|
MAVEN:GHSA-C8CC-HJ57-VM65
|
User passwords transmitted in plain text by Jenkins Active Directory Plugin | moderate |
2022-01-13T00:00:55
(2 years ago) |
|
| Fixed | = 2.25.1 |
CVE-2022-23105
|
MAVEN:GHSA-C8CC-HJ57-VM65
|
User passwords transmitted in plain text by Jenkins Active Directory Plugin | moderate |
2022-01-13T00:00:55
(2 years ago) |
|
| Affected | < 2.30.1 |
CVE-2023-37943
|
MAVEN:GHSA-G8C3-6FJ2-87W7
|
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure | moderate |
2023-07-12T18:30:38
(14 months ago) |
|
| Fixed | = 2.30.1 |
CVE-2023-37943
|
MAVEN:GHSA-G8C3-6FJ2-87W7
|
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure | moderate |
2023-07-12T18:30:38
(14 months ago) |
|
| Affected | < 2.20 |
CVE-2020-2302
|
MAVEN:GHSA-Q6RQ-4WHR-R879
|
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
| Fixed | = 2.20 |
CVE-2020-2302
|
MAVEN:GHSA-Q6RQ-4WHR-R879
|
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
| Affected | >= 1.44, < 2.16.1 >= 2.17, < 2.20 |
CVE-2020-2299
|
MAVEN:GHSA-RF92-3VJR-W628
|
Improper Authentication in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
| Fixed | = 2.16.1 = 2.20 |
CVE-2020-2299
|
MAVEN:GHSA-RF92-3VJR-W628
|
Improper Authentication in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
| Affected | <= 2.2 |
CVE-2017-2649
|
MAVEN:GHSA-VCGJ-J8C5-2H52
|
Jenkins Active Directory Plugin did not verify certificate of AD server | high |
2022-05-13T01:36:52
(2 years ago) |
|
| Fixed | = 2.3 |
CVE-2017-2649
|
MAVEN:GHSA-VCGJ-J8C5-2H52
|
Jenkins Active Directory Plugin did not verify certificate of AD server | high |
2022-05-13T01:36:52
(2 years ago) |