Severity: Critical
CVSS Score: 9.8
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.