Lucene search
K

35 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0423

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00556EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0509

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00657EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0566

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.0118EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0454

Malicious code in bioql PyPI...

9.8CVSS9AI score0.01149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.9 views

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the iss Issuer claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

8.1CVSS7AI score0.00636EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.8 views

CVE-2023-24446

A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

8.8CVSS6.7AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.9 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...

9.8CVSS6.8AI score0.01149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.8 views

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...

6.1CVSS6.6AI score0.00657EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.8 views

CVE-2019-1003099

A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.01549EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/16 9:20 p.m.24 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS6.7AI score0.00609EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 9:31 p.m.6 views

GHSA-Q7C3-X7HM-QQ72 Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS6.5AI score0.00609EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/14 9:31 p.m.14 views

Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS6.6AI score0.00609EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/05/14 9:15 p.m.2 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS5.7AI score0.00609EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 9:15 p.m.17 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS0.00609EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/14 8:35 p.m.7 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

6.7AI score0.00609EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 8:35 p.m.65 views

CVE-2025-47884

CVE-2025-47884 affects Jenkins OpenID Connect Provider Plugin versions 96.vee8ed882ec4d and earlier. The issue arises from build ID Token generation using potentially overridden environment variable values, which, when combined with other plugins that allow environment variable overrides, enables...

9.1CVSS7AI score0.00609EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.7 views

PT-2025-21237 · Jenkins · Jenkins Openid Connect Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Connect Provider Plugin versions 96.vee8ed882ec4d and earlier Description: The issue concerns the generation of build ID Tokens, which uses potentially overridden values of environment variables. This can be exploited by...

9.1CVSS9.2AI score0.00609EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2025/01/22 6:31 p.m.14 views

Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin

The Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier treats usernames as case-insensitive. On a Jenkins instance configured with a case-sensitive OpenID Connect provider, this allows attackers to log in as any user by providing a username that differs only in letter...

8.8CVSS8.6AI score0.0053EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/01/22 5:15 p.m.13 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...

8.8CVSS0.0053EPSS
Exploits0References1
OSV
OSV
added 2025/01/22 5:15 p.m.6 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...

8.8CVSS6.5AI score
Exploits0References1
Rows per page
Query Builder