pkg:maven/org.jenkins-ci.plugins/active-directory
Type
maven
Namespace
org.jenkins-ci.plugins
Name
active-directory
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/active-directory package.
Critical
4
High
5
Moderate
4
Medium
3
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 2.25 |
CVE-2022-23105
|
JENKINS:SECURITY-1389 | User passwords transmitted in plain text by `active-directory` | medium |
2022-01-12T00:00:00
(2 years ago) |
|
Fixed | = 2.25.1 |
CVE-2022-23105
|
JENKINS:SECURITY-1389 | User passwords transmitted in plain text by `active-directory` | medium |
2022-01-12T00:00:00
(2 years ago) |
|
Affected | <= 2.19 |
CVE-2020-2302
|
JENKINS:SECURITY-1999 | Missing permission check in `active-directory` allows accessing domain health check page | medium |
2020-11-04T00:00:00
(3 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2302
|
JENKINS:SECURITY-1999 | Missing permission check in `active-directory` allows accessing domain health check page | medium |
2020-11-04T00:00:00
(3 years ago) |
|
Affected | <= 2.19 |
CVE-2020-2300
|
JENKINS:SECURITY-2099 | Login allowed with empty password by `active-directory` | high |
2020-11-04T00:00:00
(3 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2300
|
JENKINS:SECURITY-2099 | Login allowed with empty password by `active-directory` | high |
2020-11-04T00:00:00
(3 years ago) |
|
Affected | <= 2.19 |
CVE-2020-2299
|
JENKINS:SECURITY-2117 | Login allowed with hardcoded password by `active-directory` | critical |
2020-11-04T00:00:00
(3 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2299
|
JENKINS:SECURITY-2117 | Login allowed with hardcoded password by `active-directory` | critical |
2020-11-04T00:00:00
(3 years ago) |
|
Affected | <= 2.19 |
CVE-2020-2301
|
JENKINS:SECURITY-2123 | Authentication cache in `active-directory` allows logging in with any password | high |
2020-11-04T00:00:00
(3 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2301
|
JENKINS:SECURITY-2123 | Authentication cache in `active-directory` allows logging in with any password | high |
2020-11-04T00:00:00
(3 years ago) |
|
Affected | <= 2.19 |
CVE-2020-2303
|
JENKINS:SECURITY-2126 | CSRF vulnerability in `active-directory` | medium |
2020-11-04T00:00:00
(3 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2303
|
JENKINS:SECURITY-2126 | CSRF vulnerability in `active-directory` | medium |
2020-11-04T00:00:00
(3 years ago) |
|
Affected | <= 2.30 |
CVE-2023-37943
|
JENKINS:SECURITY-3059 | Password transmitted in plain text by `active-directory` | low |
2023-07-12T00:00:00
(14 months ago) |
|
Fixed | = 2.30.1 |
CVE-2023-37943
|
JENKINS:SECURITY-3059 | Password transmitted in plain text by `active-directory` | low |
2023-07-12T00:00:00
(14 months ago) |
|
Affected | <= 2.10 |
CVE-2019-1003009
|
JENKINS:SECURITY-859 | Improper certificate validation with StartTLS in Active Directory Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
Fixed | = 2.11 |
CVE-2019-1003009
|
JENKINS:SECURITY-859 | Improper certificate validation with StartTLS in Active Directory Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
Affected | <= 2.10 |
CVE-2019-1003009
|
MAVEN:GHSA-2H95-4XW9-M68J | Jenkins Active Directory Plugin Improper certificate validation with StartTLS | high |
2022-05-13T01:31:35
(2 years ago) |
|
Fixed | = 2.11 |
CVE-2019-1003009
|
MAVEN:GHSA-2H95-4XW9-M68J | Jenkins Active Directory Plugin Improper certificate validation with StartTLS | high |
2022-05-13T01:31:35
(2 years ago) |
|
Affected | < 2.20 |
CVE-2020-2303
|
MAVEN:GHSA-2WF5-4MF7-VMH3 | CSRF vulnerability in Jenkins Active Directory Plugin | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2303
|
MAVEN:GHSA-2WF5-4MF7-VMH3 | CSRF vulnerability in Jenkins Active Directory Plugin | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
Affected | < 2.16.1 >= 2.17, < 2.20 |
CVE-2020-2300
|
MAVEN:GHSA-8WCW-CW2F-H4G2 | Improper Authentication (empty password) in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
Fixed | = 2.16.1 = 2.20 |
CVE-2020-2300
|
MAVEN:GHSA-8WCW-CW2F-H4G2 | Improper Authentication (empty password) in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
Affected | < 2.16.1 >= 2.17, < 2.20 |
CVE-2020-2301
|
MAVEN:GHSA-954F-XW44-56R2 | Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | critical |
2022-05-24T17:33:07
(2 years ago) |
|
Fixed | = 2.16.1 = 2.20 |
CVE-2020-2301
|
MAVEN:GHSA-954F-XW44-56R2 | Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | critical |
2022-05-24T17:33:07
(2 years ago) |
|
Affected | < 2.25.1 |
CVE-2022-23105
|
MAVEN:GHSA-C8CC-HJ57-VM65 | User passwords transmitted in plain text by Jenkins Active Directory Plugin | moderate |
2022-01-13T00:00:55
(2 years ago) |
|
Fixed | = 2.25.1 |
CVE-2022-23105
|
MAVEN:GHSA-C8CC-HJ57-VM65 | User passwords transmitted in plain text by Jenkins Active Directory Plugin | moderate |
2022-01-13T00:00:55
(2 years ago) |
|
Affected | < 2.30.1 |
CVE-2023-37943
|
MAVEN:GHSA-G8C3-6FJ2-87W7 | Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure | moderate |
2023-07-12T18:30:38
(14 months ago) |
|
Fixed | = 2.30.1 |
CVE-2023-37943
|
MAVEN:GHSA-G8C3-6FJ2-87W7 | Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure | moderate |
2023-07-12T18:30:38
(14 months ago) |
|
Affected | < 2.20 |
CVE-2020-2302
|
MAVEN:GHSA-Q6RQ-4WHR-R879 | Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
Fixed | = 2.20 |
CVE-2020-2302
|
MAVEN:GHSA-Q6RQ-4WHR-R879 | Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | moderate |
2022-05-24T17:33:07
(2 years ago) |
|
Affected | >= 1.44, < 2.16.1 >= 2.17, < 2.20 |
CVE-2020-2299
|
MAVEN:GHSA-RF92-3VJR-W628 | Improper Authentication in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
Fixed | = 2.16.1 = 2.20 |
CVE-2020-2299
|
MAVEN:GHSA-RF92-3VJR-W628 | Improper Authentication in Jenkins Active Directory Plugin | critical |
2022-05-24T17:33:07
(2 years ago) |
|
Affected | <= 2.2 |
CVE-2017-2649
|
MAVEN:GHSA-VCGJ-J8C5-2H52 | Jenkins Active Directory Plugin did not verify certificate of AD server | high |
2022-05-13T01:36:52
(2 years ago) |
|
Fixed | = 2.3 |
CVE-2017-2649
|
MAVEN:GHSA-VCGJ-J8C5-2H52 | Jenkins Active Directory Plugin did not verify certificate of AD server | high |
2022-05-13T01:36:52
(2 years ago) |