Jenkins Wso2_oauth
5 CVEs affecting Jenkins Wso2_oauth. Latest disclosed: 2025-05-14. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47889 | Critical | 9.8 | 2025-05-14 | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticate… |
| CVE-2023-30528 | Medium | 6.5 | 2023-04-12 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers t… |
| CVE-2023-33006 | Medium | 5.4 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker'… |
| CVE-2023-33005 | Medium | 5.4 | 2023-05-16 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. |
| CVE-2023-30527 | Medium | 4.3 | 2023-04-12 | Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can… |