PT-2023-9065 · Jenkins · Jenkins WSO2 Oauth Plugin

Published: 2023-05-16 · Updated: 2023-05-25 · CVE-2023-33005

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier

Description: The vulnerability is caused by incorrect session expiration in the Jenkins WSO2 Oauth Plugin. A remote attacker could exploit it to gain unauthorized access to protected information; combined with social engineering, this can lead to administrator access to Jenkins.

Recommendations: For Jenkins WSO2 Oauth Plugin versions 1.0 and earlier, as a temporary workaround, consider restricting access to the plugin until a patch is available. At the moment there is no information about a newer version that fixes this vulnerability.

Weakness Enumeration

Session Fixation
Insufficient Session Expiration

Related Identifiers

BDU:2024-03396
CVE-2023-33005
GHSA-XXQ2-74HW-VG6M

Affected Products

Jenkins
Jenkins WSO2 Oauth Plugin