6 matches found
CVE-2025-64131
Jenkins SAML Plugin 4.583.vc68232f7018a and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user...
EUVD-2022-2908
Malicious code in bioql PyPI...
EUVD-2022-5218
Malicious code in bioql PyPI...
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...
CVE-2024-52553
CVE-2024-52553 affects Jenkins OpenId Connect Authentication Plugin, with vulnerable versions 4.418.vccc7061f5b_6d and earlier. The root cause is that the plugin does not invalidate the previous session on login, creating a possible session fixation risk. This could enable an attacker to gain adm...
PT-2019-11721 · Jenkins · Jenkins Pam Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins PAM Authentication Plugin versions 1.5 and earlier, except version 1.4.1
Description: A missing permission check in the PamSecurityRealm.DescriptorImpldoTest function allowed users with Overall/Read permission to obtain limited...