Vulnerabilities > Jenkins > Azure AD > 1.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-41935 | Incorrect Comparison vulnerability in Jenkins Azure AD Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce. | 7.5 |
| 2023-01-26 | CVE-2023-24426 | Insufficient Session Expiration vulnerability in Jenkins Azure AD Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. | 8.8 |