cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-41935,https://securityvulnerability.io/vulnerability/CVE-2023-41935,Non-constant Time Comparison Flaw in Jenkins Azure AD Plugin,"The Jenkins Azure AD Plugin, up to version 396.v86ce29279947, is susceptible to a non-constant time comparison issue. This vulnerability arises during the validation of CSRF protection nonces, which can be exploited by attackers employing statistical techniques to deduce a valid nonce from the application. The presence of this flaw underscores the necessity for developers to implement constant-time algorithms for security-critical operations to mitigate potential attacks.",Jenkins,Jenkins Azure Ad Plugin,7.5,HIGH,0.001290000043809414,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-24426,https://securityvulnerability.io/vulnerability/CVE-2023-24426,Session Management Flaw in Jenkins Azure AD Plugin,"The Jenkins Azure AD Plugin prior to version 303.va_91ef20ee49f suffers from a session management deficiency. This issue allows an attacker to maintain access to a user session even after new login credentials are provided, thus failing to invalidate the previous session. This can lead to unauthorized access under specific conditions and highlights the importance of effective session handling in web applications to ensure user security.",Jenkins,Jenkins Azure AD Plugin,8.8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2021-21679,https://securityvulnerability.io/vulnerability/CVE-2021-21679,CSRF Vulnerability in Jenkins Azure AD Plugin by Jenkins,"The Jenkins Azure AD Plugin prior to version 179.vf6841393099e is vulnerable to a Cross-Site Request Forgery (CSRF) attack. Malicious actors can exploit this vulnerability by crafting specific URLs that bypass CSRF protections for any target URL within Jenkins, potentially leading to unauthorized actions performed on behalf of authenticated users. It is essential for Jenkins administrators to upgrade to the latest version to mitigate this risk and ensure the security of their CI/CD pipeline.",Jenkins,Jenkins Azure Ad Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2021-08-31T13:50:16.000Z,0
CVE-2020-2119,https://securityvulnerability.io/vulnerability/CVE-2020-2119,Plain Text Credential Exposure in Jenkins Azure AD Plugin by Jenkins,The Jenkins Azure AD Plugin prior to version 1.1.2 has a critical flaw where configured credentials are transmitted in plain text through the Jenkins global configuration form. This vulnerability may lead to unauthorized exposure of sensitive information. It is essential for users of this plugin to upgrade to the latest version to mitigate potential risks.,Jenkins,Jenkins Azure Ad Plugin,5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2020-02-12T14:35:44.000Z,0
CVE-2019-10318,https://securityvulnerability.io/vulnerability/CVE-2019-10318,Unencrypted Client Secret Exposure in Jenkins Azure AD Plugin by CloudBees,"The Jenkins Azure AD Plugin versions 0.3.3 and earlier are vulnerable due to storing the client secret in an unencrypted format within the global config.xml configuration file. This allows users with access to the Jenkins master file system to potentially view sensitive credentials, increasing the risk of unauthorized access and exploitation of systems relying on this plugin.",Jenkins,Jenkins Azure Ad Plugin,8.8,HIGH,0.0031799999997019768,false,,false,false,false,,,false,false,,2019-04-30T12:25:18.000Z,0