CVE-2020-2301 – org.jenkins-ci.plugins:active-directory

Package

Manager: maven
Name: org.jenkins-ci.plugins:active-directory
Vulnerable Version: >=2.17 <2.20 || >=0 <2.16.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00181 pctl0.4

Details

Authentication cache in Active Directory Jenkins Plugin allows logging in with any password Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. Optionally, to reduce lookup time, a cache can be configured to remember user lookups and user authentications. In Active Directory Plugin prior to 2.20 and 2.16.1, when run in Windows/ADSI mode, the provided password was not used when looking up an applicable cache entry. This allows attackers to log in as any user using any password while a successful authentication of that user is still in the cache. As a workaround for this issue, the cache can be disabled. Active Directory Plugin 2.20 and 2.16.1 includes the provided password in cache entry lookup. Additionally, the Java system property `hudson.plugins.active_directory.CacheUtil.noCacheAuth` can be set to `true` to no longer cache user authentications.

Metadata

Created: 2022-05-24T17:33:07Z
Modified: 2023-10-27T12:05:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-954f-xw44-56r2/GHSA-954f-xw44-56r2.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-954f-xw44-56r2
Finding: F006
Auto approve: 1