Jenkins Openid_connect_authentication
7 CVEs affecting Jenkins Openid_connect_authentication. Latest disclosed: 2025-01-22. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-24399 | High | 8.8 | 2025-01-22 | Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing… |
CVE-2024-52553 | High | 8.8 | 2024-11-13 | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. |
CVE-2023-24424 | High | 8.8 | 2023-01-26 | Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. |
CVE-2024-47807 | High | 8.1 | 2024-10-02 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to sub… |
CVE-2024-47806 | High | 8.1 | 2024-10-02 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to s… |
CVE-2023-50771 | Medium | 6.1 | 2023-12-13 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowin… |
CVE-2019-1003021 | Medium | 4.3 | 2019-02-06 | An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that… |