org.jenkins-ci.plugins:azure-ad
Maven6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:azure-adpage 1 of 1
- CVE-2019-10318HIGHCVSS 8.8EG 8.8✓ Fixed in 0.3.42019-04-30
vulnerable: 0.1.1 ... 0.3.3 (7 versions)
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
- CVE-2020-2119MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.2.02020-02-12
vulnerable: 0.1.1 ... 1.1.2 (12 versions)
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- CVE-2021-21679HIGHCVSS 8.8EG 8.8✓ Fixed in 180.v8b1e80e6f2422021-08-31
vulnerable: 0.1.1 ... 179.vf6841393099e (37 versions)
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
- CVE-2023-24426HIGHCVSS 8.8EG 8.82023-01-26
vulnerable: 0.1.1 ... 267.v5b_dfb_514d9fd (53 versions)
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
- CVE-2023-41935HIGHCVSS 7.5EG 7.5✓ Fixed in 378.vd6e2874a2023-09-06
vulnerable: 0.1.1 ... 349.vc02b_a_0b_142a_8 (62 versions)
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing atta…
- CVE-2026-42525MEDIUMCVSS 4.3EG 4.3✓ Fixed in 667.v4c5827a2026-04-29
vulnerable: 0.1.1 ... 666.v6060de32f87d (102 versions)
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Check whether org.jenkins-ci.plugins:azure-ad is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:azure-ad CVEs against the assets you own.
Start Free Scan →