PT-2023-9065 · Jenkins · Jenkins Wso2 Oauth Plugin+1

Published: 2023-05-16 · Updated: 2023-05-25 · CVE-2023-33005

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier
Description: The issue is related to incorrect session expiration in the Jenkins WSO2 Oauth Plugin. This could allow a remote attacker to gain unauthorized access to protected information. Attackers can use social engineering techniques to gain administrator access to Jenkins.
Recommendations: For Jenkins WSO2 Oauth Plugin versions 1.0 and earlier, as a temporary workaround, consider restricting access to the plugin until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Session Fixation
Insufficient Session Expiration

Related identifiers

BDU:2024-03396
CVE-2023-33005
GHSA-XXQ2-74HW-VG6M

Affected products

Jenkins
Jenkins Wso2 Oauth Plugin