CVE-2023-33006

Name of the Vulnerable Software and Affected Versions Jenkins WSO2 Oauth Plugin versions 1.0 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to trick users into logging in to the attacker's account. This issue arises because the plugin does not implement a state parameter in its OAuth flow, which is a unique and non-guessable value associated with each authentication request.

Recommendations For Jenkins WSO2 Oauth Plugin versions 1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.