CVE-2023-24424

CWE-384 | 5 documents | 5 sources
Severity: 8.8 HIGH
EPSS: 0.5% (top 35.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 26

Description

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. This is session fixation (CWE-384): the session identifier established before authentication stays valid after the user logs in, so an attacker who can get a victim to authenticate under an identifier the attacker already knows ends up holding an authenticated session for that user.
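The flaw class named above, reduced to its essence as an added example: this is not code from the Jenkins OpenId Connect Authentication Plugin and not an exploit against it, but a constructed in-memory session store with a login that keeps the pre-authentication session ID (the vulnerable pattern) beside one that invalidates it and issues a fresh ID at the moment of authentication (the fix). `SessionStore`, `login_fixated`, `login_rotating` and `fixation_succeeds` are names invented for the illustration.

```python
"""Session fixation (CWE-384) on a minimal in-memory session store.

Added illustration of the vulnerability class only; this is not code from the
Jenkins OpenId Connect Authentication Plugin and not an exploit against it.
All names here (SessionStore, login_fixated, login_rotating, fixation_succeeds)
are invented for the example.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None          # None until authenticated
    attrs: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    """Maps session IDs (the cookie value the browser presents) to server state."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def invalidate(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login_fixated(store: SessionStore, sid: str, user: str) -> str:
    """Vulnerable pattern: the pre-authentication session is kept and merely
    marked as authenticated. Anyone who already knows `sid` now owns an
    authenticated session for `user`."""
    sess = store.get(sid)
    if sess is None:
        raise KeyError("unknown session")
    sess.user = user
    return sid                              # same ID before and after login


def login_rotating(store: SessionStore, sid: str, user: str) -> str:
    """Hardened pattern: invalidate the old session and issue a fresh ID at the
    moment of authentication. Any ID known before login is now useless, and
    nothing an attacker could have planted in the old session survives."""
    store.invalidate(sid)
    new_sid = store.create()
    store.get(new_sid).user = user
    return new_sid                          # caller must send the new cookie


def fixation_succeeds(login) -> bool:
    """CWE-384 attack model: the attacker learns a session ID before the victim
    authenticates (e.g. by planting it in the victim's browser), the victim logs
    in under that ID, and the attacker then presents the same ID. Returns True
    if the attacker now holds an authenticated session."""
    store = SessionStore()
    planted_sid = store.create()            # ID known to the attacker
    login(store, planted_sid, "victim")     # victim authenticates under it
    sess = store.get(planted_sid)           # attacker replays the planted ID
    return sess is not None and sess.user == "victim"


if __name__ == "__main__":
    print("fixation with login_fixated :", fixation_succeeds(login_fixated))
    print("fixation with login_rotating:", fixation_succeeds(login_rotating))
```

The check a practitioner wants from any login flow, OIDC callbacks included, is the one `fixation_succeeds` performs: the session ID presented before authentication must not resolve to an authenticated session afterwards. If state such as an OIDC `state` or `nonce` is needed across the login, it should be consumed and verified before the new session is issued, not copied from the old one.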

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

🔴Vulnerability Details (3)

OSV: Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin (2023-01-26)
GHSA: Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin (2023-01-26)
CVEList: CVE-2023-24424: Jenkins OpenId Connect Authentication Plugin 2 (2023-01-24)

📋Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2023-01-24 (2023-01-24)
CVE-2023-24424 (HIGH CVSS 8.8) | Jenkins OpenId Connect Authenticati | cvebase.io