Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on...
8.8CVSS
8.6AI Score
0.002EPSS
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing...
6.1CVSS
6.3AI Score
0.001EPSS