Lucene search: JenkinsOpenid

6 matches found

CVE, added 2023/01/26 9:18 p.m., 73 views

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

CVSS 6.1, AI score 6.1, EPSS 0.00205

CVE, added 2023/01/26 9:18 p.m., 69 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

CVSS 9.8, AI score 9.3, EPSS 0.00146

CVE, added 2023/01/26 9:18 p.m., 64 views

CVE-2023-24446

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

CVSS 8.8, AI score 8.5, EPSS 0.00233

CVE, added 2019/04/04 4:29 p.m., 59 views

CVE-2019-1003098

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

CVSS 6.5, AI score 6.3, EPSS 0.00156

CVE, added 2019/04/04 4:29 p.m., 53 views

CVE-2019-1003099

A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CVSS 6.5, AI score 6.2, EPSS 0.00084

CVE, added 2023/12/13 6:15 p.m., 44 views

CVE-2023-50770

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining adm...

CVSS 6.7, AI score 6.4, EPSS 0.00012