Lucene search
19 matches found

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-0566

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.0118
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 6:43 a.m. · 7 views

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the iss Issuer claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

CVSS 8.1 · AI score 7 · EPSS 0.00636
Exploits 0
RedhatCVE
added 2025/05/16 9:20 p.m. · 21 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

CVSS 9.1 · AI score 6.7 · EPSS 0.00609
Exploits 0 · References 1
Github Security Blog
added 2025/05/14 9:31 p.m. · 12 views

Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

CVSS 9.1 · AI score 6.6 · EPSS 0.00609
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/05/14 9:31 p.m. · 6 views

GHSA-Q7C3-X7HM-QQ72 Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

CVSS 9.1 · AI score 6.5 · EPSS 0.00609
Exploits 0 · References 5
NVD
added 2025/05/14 9:15 p.m. · 17 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

CVSS 9.1 · EPSS 0.00609
Exploits 0 · References 1
Vulnrichment
added 2025/05/14 8:35 p.m. · 7 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

AI score 6.7 · EPSS 0.00609
Exploits 0 · References 1
CVE
added 2025/05/14 8:35 p.m. · 63 views

CVE-2025-47884

CVE-2025-47884 affects Jenkins OpenID Connect Provider Plugin versions 96.vee8ed882ec4d and earlier. The issue arises from build ID Token generation using potentially overridden environment variable values, which, when combined with other plugins that allow environment variable overrides, enables...

CVSS 9.1 · AI score 7 · EPSS 0.00609
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/05/14 12:00 a.m. · 6 views

PT-2025-21237 · Jenkins · Jenkins Openid Connect Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Connect Provider Plugin versions 96.vee8ed882ec4d and earlier Description: The issue concerns the generation of build ID Tokens, which uses potentially overridden values of environment variables. This can be exploited by...

CVSS 9.1 · AI score 9.2 · EPSS 0.00609
Exploits 0 · References 17
Github Security Blog
added 2025/01/22 6:31 p.m. · 14 views

Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin

The Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier treats usernames as case-insensitive. On a Jenkins instance configured with a case-sensitive OpenID Connect provider, this allows attackers to log in as any user by providing a username that differs only in letter...

CVSS 8.8 · AI score 8.6 · EPSS 0.0053
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/01/22 5:15 p.m. · 12 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...

CVSS 8.8 · EPSS 0.0053
Exploits 0 · References 1
CVE
added 2025/01/22 5:02 p.m. · 769 views

CVE-2025-24399

CVE-2025-24399 affects the Jenkins OpenId Connect Authentication Plugin. The vulnerability arises because the plugin versions 4.452.v2849b_d3945fa_ and earlier (except 4.438.440.v3f5f201de5dc) treat usernames as case-insensitive, which on a Jenkins instance with a case-sensitive OpenID Connect pr...

CVSS 8.8 · AI score 6.8 · EPSS 0.0053
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/01/22 5:02 p.m. · 22 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...

EPSS 0.0053
Exploits 0 · References 1
OSV
added 2024/11/13 9:15 p.m. · 11 views

CVE-2024-52553

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login...

CVSS 8.8 · AI score 6.7
Exploits 0 · References 1
OSV
added 2024/10/02 4:15 p.m. · 6 views

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the iss Issuer claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

CVSS 8.1 · AI score 6.9
Exploits 0 · References 1
OSV
added 2023/12/13 6:15 p.m. · 2 views

CVE-2023-50771

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks...

CVSS 6.1 · AI score 7
Exploits 0 · References 2
Positive Technologies
added 2023/12/13 12:00 a.m. · 4 views

PT-2023-31640 · Jenkins · Jenkins Openid Connect Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier Description: The issue allows attackers to perform phishing attacks by improperly determining that a redirect URL after login is legitimately pointing to Jenkins...

CVSS 6.1 · AI score 6.2 · EPSS 0.006
Exploits 0 · References 13
CNNVD
added 2023/12/13 12:00 a.m. · 4 views

Jenkins OpenId Connect Authentication Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability ...

CVSS 6.7 · AI score 6.7 · EPSS 0.00286
Exploits 0 · References 4
Vulnrichment
added 2023/01/24 12:00 a.m. · 11 views

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login...

AI score 7.1 · EPSS 0.0118
Exploits 0 · References 1