PT-2023-19584 · Jenkins · Jenkins Openid Connect Authentication Plugin+1

Kevin Guerroudj · Published 2023-01-24 · Updated 2023-02-03

CVE-2023-24424

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins OpenId Connect Authentication Plugin versions 2.4 and earlier

Description: The plugin does not invalidate the existing HTTP session when a user completes OpenID Connect login; the session the browser arrived with is simply upgraded to an authenticated one. An attacker who can get a victim to log in through a session the attacker already holds (for example by planting the session cookie in the victim's browser, which is why the vector requires user interaction) then shares the victim's authenticated session, with whatever permissions the victim has. The advisory gives no estimate of the number of affected installations and reports no real-world incidents.

Recommendations: For Jenkins OpenId Connect Authentication Plugin versions 2.4 and earlier, update to a version later than 2.4, which invalidates the previous session on login.
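The following is an added illustration, not code from the plugin or from this advisory. It models a server-side session table and the two login behaviours the advisory contrasts: `login_fixating` upgrades the pre-login session in place (the behaviour described for versions 2.4 and earlier), while `login_rotating` invalidates it and binds the identity to a fresh id. The OpenID Connect provider round trip is stubbed out by the hypothetical `identity` callback, which stands in for the subject of an already verified ID token; `fixation_succeeds` plays the attacker who plants a session id and waits for the victim to log in with it.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None  # None means the session is still anonymous


class SessionStore:
    """Server-side session table keyed by the id carried in the session cookie."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def new(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def invalidate(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login_fixating(store: SessionStore, sid: str, identity: Callable[[], str]) -> str:
    """Vulnerable pattern: the session the browser arrived with is upgraded in place.
    Whoever already knows `sid` now holds an authenticated session."""
    sess = store.get(sid)
    if sess is None:            # unknown cookie: fall back to a fresh session
        sid = store.new()
        sess = store.get(sid)
    sess.user = identity()      # identity comes from the (stubbed) verified OIDC callback
    return sid                  # cookie value is unchanged


def login_rotating(store: SessionStore, sid: str, identity: Callable[[], str]) -> str:
    """Hardened pattern: destroy the pre-login session and bind the identity to a
    freshly generated id that nobody else has seen."""
    store.invalidate(sid)       # harmless if sid was never valid
    new_sid = store.new()
    store.get(new_sid).user = identity()
    return new_sid              # caller must Set-Cookie with this value


def fixation_succeeds(login: Callable[[SessionStore, str, Callable[[], str]], str]) -> bool:
    """Model the attack: the attacker obtains an anonymous session id, gets the
    victim's browser to present it (the UI:R step in the vector), and the victim
    completes login. True if the planted id is now the victim's session."""
    store = SessionStore()
    planted = store.new()                       # attacker's own anonymous session
    login(store, planted, lambda: "victim")     # victim logs in using that cookie
    hijacked = store.get(planted)
    return hijacked is not None and hijacked.user == "victim"


if __name__ == "__main__":
    print("fixating login, attacker holds victim session:", fixation_succeeds(login_fixating))
    print("rotating login, attacker holds victim session:", fixation_succeeds(login_rotating))
```

In a real OIDC callback the `state` and `nonce` stored before the redirect are checked against the pre-login session first, and only then is the session rotated; anything still needed afterwards is copied across explicitly rather than by keeping the old id. The same idea gives a black-box test for a deployed instance: record the session cookie before starting login and compare it with the one set after the callback; if the value has not changed, the session was not invalidated.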

Weakness Enumeration

Session Fixation

Related Identifiers

CVE-2023-24424
GHSA-VXMH-P52J-H33M

Affected Products

Jenkins
Jenkins Openid Connect Authentication Plugin