36 matches found
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2023-24446
A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...
PT-2023-19606 · Jenkins · Jenkins Openid Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: A cross-site request forgery issue allows attackers to trick users into logging in to the attacker's account. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier,...
PT-2023-19604 · Jenkins · Jenkins Openid Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier, update to a version later...
PT-2023-19605 · Jenkins · Jenkins Openid Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue is related to the improper determination of redirect URLs after login, which could potentially allow unauthorized access. The estimated number of potentially affected devic...
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...
GHSA-8V26-3P83-MF2G Jenkins OpenID Plugin CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
CloudBees Jenkins openid plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . openid Plugin is used in one of the...
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Input validation
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003098
CVE-2019-1003098 describes a cross-site request forgery in the Jenkins OpenID Plugin, specifically in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation. The vulnerability allows attackers to initiate a connection to an attacker-specified server by abusing CSRF in the plugin’s v...
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11389 · Jenkins · Jenkins Openid Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins openid Plugin affected versions not specified Description: A missing permission check in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection...