Jenkins Openid

6 CVEs affecting Jenkins Openid. Latest disclosed: 2023-12-13. Critical: 1, High: 1.

Top CVEs affecting Jenkins Openid
CVESeverityScorePublishedSummary
CVE-2023-24444Critical9.82023-01-26Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2023-24446High8.82023-01-26A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's ac…
CVE-2023-50770Medium6.72023-12-13Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format…
CVE-2019-1003099Medium6.52019-04-04A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overal…
CVE-2019-1003098Medium6.52019-04-04A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attac…
CVE-2023-24445Medium6.12023-01-26Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.