Jenkins Project Jenkins Openid Connect Authentication Plugin vulnerabilities
7 known vulnerabilities affecting jenkins_project/jenkins_openid_connect_authentication_plugin.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 3
Vulnerabilities
CVE-2024-52553 | HIGH | CVSS 8.8 | CWE-613 | affected: ≤ 4.418.vccc7061f5b_6d | published 2024-11-13
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
Sources: cvelistv5, nvd
CVE-2024-47807 | HIGH | CVSS 8.1 | CWE-287 | affected: ≤ 4.354.v321ce67a_1de8 | published 2024-10-02
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
Sources: cvelistv5, nvd
CVE-2024-47806 | HIGH | CVSS 8.1 | CWE-287 | affected: ≤ 4.354.v321ce67a_1de8 | published 2024-10-02
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
Sources: cvelistv5, nvd
CVE-2023-50770 | MEDIUM | CVSS 6.7 | CWE-522 | affected: ≤ 2.6 | published 2023-12-13
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.
Sources: cvelistv5, nvd
CVE-2023-50771 | MEDIUM | CVSS 6.1 | CWE-601 | affected: ≤ 2.6 | published 2023-12-13
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
Sources: cvelistv5, nvd
CVE-2023-24424 | HIGH | CVSS 8.8 | CWE-384 | affected: ≤ 2.4 (lower bound unspecified) | published 2023-01-26
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
Sources: cvelistv5, nvd
CVE-2019-1003021 | MEDIUM | CVSS 4.3 | CWE-200 | affected: 1.4 and earlier | published 2019-02-06
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension), to retrieve the configured client secret.
Sources: cvelistv5, nvd