PT-2023-19586 · Jenkins · Jenkins Azure Ad Plugin+1
Kevin Guerroudj · Published 2023-01-24 · Updated 2023-02-03 · CVE-2023-24426
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins Azure AD Plugin versions 303.va 91ef20ee49f and earlier
Description
The Jenkins Azure AD Plugin does not invalidate the previous session on login. This could potentially allow unauthorized access.
Recommendations
For Jenkins Azure AD Plugin versions 303.va 91ef20ee49f and earlier, update to a version that properly invalidates previous sessions on login to resolve the issue.
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Azure Ad Plugin