Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
JenkinsOpenid Connect Authentication*

3 matches found

CVE
CVEadded 2024/11/13 9:15 p.m.45 views

CVE-2024-52553

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.

8.8CVSS7.1AI score0.00223EPSS
CVE
CVEadded 2024/10/02 4:15 p.m.43 views

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the aud (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

8.1CVSS7.1AI score0.00217EPSS
CVE
CVEadded 2024/10/02 4:15 p.m.43 views

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the iss (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

8.1CVSS6.7AI score0.00217EPSS