cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-41935,https://securityvulnerability.io/vulnerability/CVE-2023-41935,Non-constant Time Comparison Flaw in Jenkins Azure AD Plugin,"The Jenkins Azure AD Plugin, up to version 396.v86ce29279947, is susceptible to a non-constant time comparison issue. This vulnerability arises during the validation of CSRF protection nonces, which can be exploited by attackers employing statistical techniques to deduce a valid nonce from the application. The presence of this flaw underscores the necessity for developers to implement constant-time algorithms for security-critical operations to mitigate potential attacks.",Jenkins,Jenkins Azure Ad Plugin,7.5,HIGH,0.001180000021122396,false,false,false,false,,false,false,2023-09-06T13:15:00.000Z,0
CVE-2023-24426,https://securityvulnerability.io/vulnerability/CVE-2023-24426,Session Management Flaw in Jenkins Azure AD Plugin,"The Jenkins Azure AD Plugin prior to version 303.va_91ef20ee49f suffers from a session management deficiency. This issue allows an attacker to maintain access to a user session even after new login credentials are provided, thus failing to invalidate the previous session. This can lead to unauthorized access under specific conditions and highlights the importance of effective session handling in web applications to ensure user security.",Jenkins,Jenkins Azure AD Plugin,8.8,HIGH,0.0020099999383091927,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2021-21679,https://securityvulnerability.io/vulnerability/CVE-2021-21679,,Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.,Jenkins,Jenkins Azure Ad Plugin,8.8,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2021-08-31T13:50:16.000Z,0
CVE-2020-2119,https://securityvulnerability.io/vulnerability/CVE-2020-2119,,"Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.",Jenkins,Jenkins Azure Ad Plugin,5.3,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2020-02-12T14:35:44.000Z,0
CVE-2019-10318,https://securityvulnerability.io/vulnerability/CVE-2019-10318,,Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.,Jenkins,Jenkins Azure Ad Plugin,8.8,HIGH,0.0031799999997019768,false,false,false,false,,false,false,2019-04-30T12:25:18.000Z,0