CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

8.8CVSS6.7AI score0.00116EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:21 a.m.•7 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...

9.8CVSS6.8AI score0.01577EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:21 a.m.•5 views

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...

6.1CVSS6.6AI score0.0053EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:40 a.m.•5 views

CVE-2019-1003099

A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.00069EPSS

Exploits0References1

OSV•added 2025/01/22 5:15 p.m.•3 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...

8.8CVSS6.5AI score

Exploits0References1

NVD•added 2023/01/26 9:18 p.m.•15 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...

9.8CVSS9.5AI score0.01577EPSS

Exploits0References1

Prion•added 2023/01/26 9:18 p.m.•22 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

6.8CVSS8.7AI score0.00116EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/01/24 12:0 a.m.•6 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...

7.1AI score0.01577EPSS

Exploits0References1

Vulnrichment•added 2023/01/24 12:0 a.m.•7 views

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...

7AI score0.0053EPSS

Exploits0References1

Vulnrichment•added 2023/01/24 12:0 a.m.•6 views

CVE-2023-24446

A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

7AI score0.00116EPSS

Exploits0References1

Positive Technologies•added 2023/01/24 12:0 a.m.•3 views

PT-2023-19604 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier, update to a version later...

9.8CVSS9.2AI score0.01577EPSS

Exploits0References4

Positive Technologies•added 2023/01/24 12:0 a.m.•4 views

PT-2023-19605 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue is related to the improper determination of redirect URLs after login, which could potentially allow unauthorized access. The estimated number of potentially affected devic...

6.1CVSS5.9AI score0.0053EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by