CVE-2024-52553
- EPSS 0.16%
- Veröffentlicht 13.11.2024 21:15:29
- Zuletzt bearbeitet 07.05.2025 14:15:02
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2023-50770
- EPSS 0.01%
- Veröffentlicht 13.12.2023 18:15:44
- Zuletzt bearbeitet 21.11.2024 08:37:16
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain ...
CVE-2023-24444
- EPSS 0.15%
- Veröffentlicht 26.01.2023 21:18:18
- Zuletzt bearbeitet 02.04.2025 14:15:40
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2023-24445
- EPSS 0.21%
- Veröffentlicht 26.01.2023 21:18:18
- Zuletzt bearbeitet 02.04.2025 14:15:40
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
CVE-2023-24446
- EPSS 0.23%
- Veröffentlicht 26.01.2023 21:18:18
- Zuletzt bearbeitet 02.04.2025 14:15:40
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2019-1003098
- EPSS 0.16%
- Veröffentlicht 04.04.2019 16:29:02
- Zuletzt bearbeitet 21.11.2024 04:17:54
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003099
- EPSS 0.08%
- Veröffentlicht 04.04.2019 16:29:02
- Zuletzt bearbeitet 21.11.2024 04:17:54
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.