Jenkins: >> Azure Ad >> 1.0.0 Security Vulnerabilities
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-04-29
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-09-06
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVSS Score
8.8
EPSS Score
0.009
Published
2023-01-26
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-02-12