Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.
9.8CVSS
9.4AI Score
0.002EPSS
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
6.5CVSS
6.4AI Score
0.001EPSS