Azure AD
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42525 | | Med | 0.28 | 4.3 | 0.00 | | Apr 29, 2026 | Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. |
| CVE-2021-42306 | | | 0.01 | — | 0.03 | | Nov 24, 2021 | An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a… |
| CVE-2021-33781 | | | 0.01 | — | 0.02 | | Jul 14, 2021 | Azure AD Security Feature Bypass Vulnerability |