An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve t...
CVSS: 4.3
AI Score: 4.4
EPSS: 0.001
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
CVSS: 8.8
AI Score: 8.6
EPSS: 0.002