9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2299

CVE-2020-2299: Improper Authentication in Jenkins Active Directory Plugin

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode.

The LDAP-based mode in Active Directory Plugin starting in version 1.44 and prior to versions 2.16.1 and 2.20 shares code between user lookup and user authentication and distinguishes these behaviors through the use if a magic constant used in place of a real password. This allows attackers to log in as any user if the magic constant is used as the password in Active Directory Plugin prior to 2.16.1 and 220.

Active Directory Plugin 2.16.1 and 2.20 no longer uses a magic constant to distinguish between user lookup and user authentication.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-2299

CVE-2020-2299:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:active-directory	maven	>= 2.17, < 2.20	2.20
org.jenkins-ci.plugins:active-directory	maven	>= 1.44, < 2.16.1	2.16.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from using a magic password constant (hex nulls) to differentiate between user lookup (no auth) and authentication. The commit shows:

Removal of NO_AUTHENTICATION magic string from ActiveDirectoryUnixAuthenticationProvider
Introduction of Password interface with proper authentication state handling
Modified cache key generation to include password hashes instead of raw passwords
Added explicit empty password checks These changes indicate the original retrieveUser functions in both authentication providers improperly handled the authentication flow when the magic constant was present in the password field, allowing attackers to authenticate as any user by supplying this special value.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-2299: Improper Authentication in Jenkins Active Directory Plugin

CVE-2020-2299:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2020-2299: Improper Authentication in Jenkins Active Directory Plugin

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

9.8

9.8

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI