29 matches found
Jenkins Plugin Keycloak Authentication 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-24457
CVE-2023-24457 describes a CSRF vulnerability in the Jenkins Keycloak Authentication Plugin (versions
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...
PT-2023-19616 · Jenkins · Jenkins Keycloak Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login, which could lead to security concerns. Recommendations: For versions 2.3.0 a...
CVE-2023-24457
A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...
PT-2023-19617 · Jenkins · Jenkins Keycloak Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier Description: A cross-site request forgery CSRF issue allows attackers to trick users into logging in to the attacker's account. This can be achieved by exploiting the login...
CVE-2023-24457
A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...
CVE-2023-24456
CVE-2023-24456 affects Jenkins Keycloak Authentication Plugin 2.3.0 and earlier. The issue: login does not invalidate the previous session, enabling session fixation. Impact noted as high/critical (CVSS 3.1 base 9.8). Affected versions: 2.3.0 and earlier. Remediation guidance in connected docs: u...