Jenkins Openid_connect_authentication

7 CVEs affecting Jenkins Openid_connect_authentication. Latest disclosed: 2025-01-22. Critical: 0, High: 5.

Top CVEs affecting Jenkins Openid_connect_authentication
CVESeverityScorePublishedSummary
CVE-2025-24399High8.82025-01-22Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing…
CVE-2024-52553High8.82024-11-13Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2023-24424High8.82023-01-26Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2024-47807High8.12024-10-02Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to sub…
CVE-2024-47806High8.12024-10-02Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to s…
CVE-2023-50771Medium6.12023-12-13Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowin…
CVE-2019-1003021Medium4.32019-02-06An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that…