Jenkins · Jenkins Gitlab Authentication Plugin · CVE-2019-10315
**Name of the Vulnerable Software and Affected Versions**
Jenkins GitHub Authentication Plugin versions 0.31 and earlier
**Description**
The issue concerns how the plugin handled the OAuth `state` parameter, whose purpose is to prevent CSRF. An attacker could capture the redirect URL produced during their own OAuth authentication flow and send it to a victim. If the victim was already logged in to Jenkins, the victim's Jenkins account would be linked to the attacker's GitHub account.
**Recommendations**
For Jenkins GitHub Authentication Plugin versions 0.31 and earlier, update to a version that correctly validates the OAuth `state` parameter to prevent CSRF. As a temporary workaround, consider restricting the use of OAuth authentication until a patch is available.
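To illustrate the check that the description and the recommendation both refer to, here is an added Python sketch of a login callback handler with and without binding the OAuth `state` to the user's session. It is not the plugin's code; the endpoint URLs, the session dictionary and the sample `code` value are constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed stand-ins for the provider's authorize endpoint and the Jenkins callback.
AUTHORIZE_URL = "https://oauth.example/authorize"
CALLBACK_URL = "https://jenkins.example/securityRealm/finishLogin"


def start_login(session):
    """Begin the OAuth flow: mint a random, single-use state and bind it to this session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return f"{AUTHORIZE_URL}?" + urlencode({"response_type": "code", "state": state})


def finish_login_vulnerable(session, callback_url):
    """Weak handler: links whichever account the code resolves to and never checks state."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [None])[0]
    return {"linked_code": code} if code else None


def finish_login_hardened(session, callback_url):
    """Fixed handler: the state in the callback must equal the one minted for this session.
    It is compared in constant time and consumed so the same callback cannot be replayed."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # one-time use
    presented = params.get("state", [""])[0]
    if expected is None or not secrets.compare_digest(expected, presented):
        return None  # reject: this session did not initiate the flow
    code = params.get("code", [None])[0]
    return {"linked_code": code} if code else None


def demo():
    # Session A starts a login and receives a callback URL carrying its own state
    # (constructed values; the code would normally come from the provider).
    session_a = {}
    start_login(session_a)
    foreign_callback = f"{CALLBACK_URL}?" + urlencode(
        {"code": "CODE_FOR_ACCOUNT_A", "state": session_a["oauth_state"]})
    # Session B is already logged in to Jenkins and never started an OAuth flow.
    session_b = {"user": "existing-user"}
    return {
        "vulnerable": finish_login_vulnerable(session_b, foreign_callback),
        "hardened": finish_login_hardened(session_b, foreign_callback),
    }
```

Running `demo()` shows the weak handler linking account A to session B, while the hardened handler rejects the same callback because session B holds no matching state.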