Lucene search
K

36 matches found

Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.9 views

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...

7AI score0.00657EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.32 views

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...

6.4AI score0.00657EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.31 views

CVE-2023-24446

A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

8.9AI score0.00556EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.6 views

PT-2023-19606 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: A cross-site request forgery issue allows attackers to trick users into logging in to the attacker's account. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier,...

8.8CVSS8.4AI score0.00556EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.4 views

PT-2023-19604 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier, update to a version later...

9.8CVSS9.2AI score0.01149EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.6 views

PT-2023-19605 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue is related to the improper determination of redirect URLs after login, which could potentially allow unauthorized access. The estimated number of potentially affected devic...

6.1CVSS5.9AI score0.00657EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.7 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...

7.1AI score0.01149EPSS
Exploits0References1
OSV
OSV
added 2022/05/13 1:25 a.m.20 views

GHSA-8V26-3P83-MF2G Jenkins OpenID Plugin CSRF vulnerability

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.01312EPSS
Exploits0References6
CNVD
CNVD
added 2019/04/15 12:0 a.m.3 views

CloudBees Jenkins openid plugin cross-site request forgery vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . openid Plugin is used in one of the...

6.5CVSS7AI score0.01312EPSS
Exploits0References1
NVD
NVD
added 2019/04/04 4:29 p.m.13 views

CVE-2019-1003098

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.01312EPSS
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.24 views

CVE-2019-1003099

A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score
Exploits0References3
Prion
Prion
added 2019/04/04 4:29 p.m.22 views

Input validation

A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

4CVSS6.3AI score0.01549EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/04/04 4:29 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

4.3CVSS6.3AI score0.01312EPSS
Exploits0References3
CVE
CVE
added 2019/04/04 3:38 p.m.78 views

CVE-2019-1003098

CVE-2019-1003098 describes a cross-site request forgery in the Jenkins OpenID Plugin, specifically in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation. The vulnerability allows attackers to initiate a connection to an attacker-specified server by abusing CSRF in the plugin’s v...

6.5CVSS6.3AI score0.01312EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.24 views

CVE-2019-1003098

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

6.3AI score0.01312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11389 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins openid Plugin affected versions not specified Description: A missing permission check in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection...

6.5CVSS6.2AI score0.01549EPSS
Exploits0References8
Rows per page
Query Builder