Jenkins Wso2_oauth

5 CVEs affecting Jenkins Wso2_oauth. Latest disclosed: 2025-05-14. Critical: 1, High: 0.

Top CVEs affecting Jenkins Wso2_oauth
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47889 | Critical | 9.8 | 2025-05-14 | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticate… |
| CVE-2023-30528 | Medium | 6.5 | 2023-04-12 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers t… |
| CVE-2023-33006 | Medium | 5.4 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker'… |
| CVE-2023-33005 | Medium | 5.4 | 2023-05-16 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. |
| CVE-2023-30527 | Medium | 4.3 | 2023-04-12 | Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can… |