Vulnerabilities > Jenkins > Active Directory > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-04 | CVE-2020-2299 | Unspecified vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | 9.8 |
| 2020-11-04 | CVE-2020-2300 | Unspecified vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | 9.8 |
| 2020-11-04 | CVE-2020-2301 | Unspecified vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | 9.8 |