Jenkins Cas vulnerabilities
3 known vulnerabilities affecting jenkins/cas.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2023-32997 | HIGH | CVSS 8.8 | CWE-384 | ≤ 1.6.2 | 2023-05-16
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
nvd
CVE-2021-21673 | MEDIUM | CVSS 6.1 | ≤ 1.6.0 | 2021-06-30
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
nvd
CVE-2018-1000188 | MEDIUM | CVSS 5.4 | CWE-918 | ≤ 1.4.1 | 2018-06-05
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
nvd