Description
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.
Published: 2026-06-24
Score: 3.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Jenkins Active Directory Plugin 2.41.1 and earlier fails to escape user names before constructing the LDAP search filter when using the Windows native (ADSI) authentication path. This omission permits an attacker to inject LDAP wildcard characters into the filter. As a result, an unauthenticated attacker can enumerate directory entries and, by guessing or knowing a target's password, authenticate as that user without knowing the exact user name.

Affected Systems

The vulnerability affects the Jenkins Active Directory Plugin distributed by the Jenkins Project. Versions 2.41.1 and earlier are impacted.

Risk and Exploitability

The flaw can be exploited through unauthenticated requests to the Jenkins AD authentication endpoint, making the attack surface large. Because unauthenticated users can trigger the injection, the risk is high for environments exposed to the internet or untrusted networks. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, but the potential for privilege escalation via LDAP injection warrants immediate awareness.

Generated by OpenCVE AI on June 24, 2026 at 15:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Jenkins Active Directory Plugin to the latest available version
  • Implement input validation or sanitization for the username field before it is used in LDAP queries
  • Limit network access to the Jenkins LDAP authentication endpoint to trusted IP ranges or VPNs
  • Monitor Jenkins logs for anomalous LDAP search patterns that include wildcards
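As an added illustration (not code from the Jenkins plugin or from OpenCVE), the Python below shows the defect class and the two defensive actions above: a search filter built by string concatenation beside one that applies RFC 4515 escaping to the user name, and a check over constructed log lines that flags login names carrying a raw wildcard. The `login user=<name>` log format and the `sAMAccountName` attribute are assumptions for the example.

```python
import re

# RFC 4515: each filter metacharacter becomes a backslash plus its two-digit hex code,
# so the value is matched literally instead of being parsed as filter syntax.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value for safe inclusion in an LDAP search filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_vulnerable(username: str) -> str:
    """Filter built by concatenation: an embedded '*' is interpreted as a wildcard."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_user_filter_fixed(username: str) -> str:
    """Same filter with the value escaped: '*' becomes the literal text '\\2a'."""
    return f"(&(objectClass=user)(sAMAccountName={escape_ldap_filter_value(username)}))"


# Detection side: '*' is not a permitted character in a Windows sAMAccountName,
# so a login attempt whose user name contains a raw wildcard is worth an alert.
_RAW_WILDCARD = re.compile(r"\*")


def login_name_looks_injected(username: str) -> bool:
    return bool(_RAW_WILDCARD.search(username))


def flag_suspicious_logins(log_lines):
    """Return user names from 'login user=<name>' lines that contain a raw wildcard."""
    hits = []
    for line in log_lines:
        m = re.search(r"user=(\S+)", line)
        if m and login_name_looks_injected(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample lines (hypothetical format, not real Jenkins log output).
SAMPLE_LOG = [
    "2026-06-24T15:12:01Z login user=j.doe result=success",
    "2026-06-24T15:12:05Z login user=adm* result=success",
    "2026-06-24T15:12:09Z login user=build-svc result=failure",
]
```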

Generated by OpenCVE AI on June 24, 2026 at 15:12 UTC.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Title | | LDAP Wildcard Injection in Jenkins Active Directory Plugin Allows unauthenticated Enumeration and Impersonation
Weaknesses | | CWE-83, CWE-90
Metrics | | cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 24 Jun 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.
References | |

MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2026-06-24T14:14:28.743Z

Reserved: 2026-06-24T08:41:44.358Z

Link: CVE-2026-57288

Vulnrichment

Updated: 2026-06-24T14:14:24.709Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T15:15:04Z

Weaknesses
  • CWE-83

    Improper Neutralization of Script in Attributes in a Web Page

  • CWE-90

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')