Jenkins Project Jenkins Cas Plugin vulnerabilities
2 known vulnerabilities affecting jenkins_project/jenkins_cas_plugin.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-32997 | HIGH | CVSS 8.8 | ≤ 1.6.2 | 2023-05-16
CVE-2023-32997 [HIGH] CWE-384: Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
cvelistv5, nvd
CVE-2021-21673 | MEDIUM | CVSS 6.1 | ≥ unspecified, ≤ 1.6.0 | 2021-06-30
CVE-2021-21673 [MEDIUM]: Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
cvelistv5, nvd