Openid Connect Authentication Security Vulnerabilities and Issues — Openid Connect Authentication CVE List

Lucene search

JenkinsOpenid Connect Authentication

5 matches found

CVE•added 2025/01/22 5:15 p.m.•745 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that d...

8.8CVSS6.8AI score0.00252EPSS

CVE•added 2023/01/26 9:18 p.m.•62 views

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

8.8CVSS8.6AI score0.00299EPSS

CVE•added 2024/11/13 9:15 p.m.•45 views

CVE-2024-52553

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.

8.8CVSS7.1AI score0.00223EPSS

CVE•added 2024/10/02 4:15 p.m.•43 views

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the aud (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

8.1CVSS7.1AI score0.00217EPSS

CVE•added 2024/10/02 4:15 p.m.•43 views

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the iss (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

8.1CVSS6.7AI score0.00217EPSS