Vulnerabilities > Jenkins > Azure AD > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-41935 Incorrect Comparison vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
network
low complexity
jenkins CWE-697
7.5
2023-01-26 CVE-2023-24426 Insufficient Session Expiration vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-613
8.8
2021-08-31 CVE-2021-21679 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
network
low complexity
jenkins CWE-352
8.8
2019-04-30 CVE-2019-10318 Insufficiently Protected Credentials vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
8.8