Jenkins Active Directory Plugin Allows Empty Password Login Vulnerability
CVE-2020-2300 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.