Known Vulnerabilities
CVE-2023-24426
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
UNKNOWN
CVSS 8.8
Published Jan 24, 2023
CVE-2021-21679
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
UNKNOWN
Published Aug 31, 2021
CVE-2020-2119
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
UNKNOWN
Published Feb 12, 2020