CVE-2023-33005: Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

medium5.4CVSS 3.1

AVNACLPRNUIRSUCLILAN

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

24 ranges

Vendor	Product	Version range	Fixed in
jenkins	ansible_plugin	—	—
jenkins	appspider_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	cas_plugin	—	—
jenkins	code_dx_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	email_extension_plugin	—	—
jenkins	file_parameter_plugin	—	—
jenkins	hashicorp_vault_plugin	—	—
jenkins	ids_in_azure_vm_agents_plugin	—	—
jenkins	improper_masking_of_credentials_in_hashicorp_vault_plugin	—	—
jenkins	job_plugin	—	—
jenkins	ldap_plugin	—	—
jenkins	loadcomplete_support_plugin	—	—
jenkins	ns-nd_integration_performance_publisher_plugin	—	—
jenkins	pipeline_utility_steps_plugin	—	—
jenkins	reverse_proxy_auth_plugin	—	—
jenkins	sidebar_link_plugin	—	—
jenkins	tag_profiler_plugin	—	—
jenkins	testcomplete_support_plugin	—	—
jenkins	testng_report_files_and_displayed_on_the_plugin	—	—
jenkins	testng_results_plugin	—	—
jenkins	wso2_oauth	<= 1.0	—
jenkins_project	jenkins_wso2_oauth_plugin	<= 1.0	—