Multiple vulnerabilities in Jenkins Active Directory plugin
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-2300 CVE-2020-2303 CVE-2020-2302 CVE-2020-2301 CVE-2020-2299 |
| CWE-ID | CWE-284 CWE-352 CWE-264 CWE-287 CWE-798 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Active Directory Web applications / Modules and components for CMS |
| Vendor | Jenkins |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU48224
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-2300
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the Windows/ADSI mode does not specifically prohibit use of empty passwords. A remote attacker can log in to Jenkins as any user by providing an empty password.
MitigationInstall updates from vendor's website.
Vulnerable software versionsActive Directory: 1 - 2.19
External linkshttp://www.openwall.com/lists/oss-security/2020/11/04/6
http://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2099
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site request forgery
EUVDB-ID: #VU48230
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-2303
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationInstall update from vendor's website.
Vulnerable software versionsActive Directory: 1 - 2.19
External linkshttp://www.openwall.com/lists/oss-security/2020/11/04/6
http://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48229
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-2302
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing permission check in an HTTP endpoint. A remote user with Overall/Read permission can access the domain health check diagnostic page.
MitigationInstall updates from vendor's website.
Vulnerable software versionsActive Directory: 1 - 2.19
External linkshttp://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1999
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authentication
EUVDB-ID: #VU48228
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-2301
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the provided password is not used when looking up an applicable cache entry when run in Windows/ADSI mode. A remote attacker can log in as any user using any password while a successful authentication of that user is still in the cache.
MitigationInstall updates from vendor's website.
Vulnerable software versionsActive Directory: 1 - 2.19
External linkshttp://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2123
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of hard-coded credentials
EUVDB-ID: #VU48151
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-2299
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code within the LDAP-based mode. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsActive Directory: 1.3 - 2.19
External linkshttp://www.openwall.com/lists/oss-security/2020/11/04/6
http://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2117
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
