Klaus

authsch

 Mon, 09 Nov 2020 14:48:00 +0100 
Oh Jenkins :sigh

Jenkins Security Advisory 2020-11-04
This advisory announces vulnerabilities in the following Jenkins deliverables:
* Active Directory Plugin
...

o_O
* Login allowed with hardcoded password by Active Directory Plugin
* Login allowed with empty password by Active Directory Plugin
* Authentication cache in Active Directory Plugin allows logging in with any password
* Missing permission check in Active Directory Plugin allows accessing domain health check page
* CSRF vulnerability in Active Directory Plugin