Vulnerability in Jenkins Active Directory plugin
This vulnerability allows attackers to gain access as administrative users, when Active Directory is configured to support anonymous LDAP bind operations. This affects the system that satisfies all of the following conditions: (1) it uses the Active Directory plugin up to and including 1.24, (2) Active Directory that it talks to allows anonymous binds (Windows disables anonymous binds by default), and (3) Jenkins runs on OS other than Windows, or 64bit JVM on Windows.