authsch
Mon, 09 Nov 2020 14:48:00 +0100
Oh Jenkins
Jenkins Security Advisory 2020-11-04
This advisory announces vulnerabilities in the following Jenkins deliverables:
* Active Directory Plugin
...
Login allowed with hardcoded password by Active Directory Plugin
Login allowed with empty password by Active Directory Plugin
Authentication cache in Active Directory Plugin allows logging in with any password
Missing permission check in Active Directory Plugin allows accessing domain health check page
CSRF vulnerability in Active Directory Plugin