Wso2 Oauth Security Vulnerabilities and Issues — Wso2 Oauth CVE List

Lucene search

JenkinsWso2 Oauth

5 matches found

CVE•added 2025/05/14 9:15 p.m.•82 views

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

9.8CVSS7.5AI score0.00122EPSS

CVE•added 2023/05/16 5:15 p.m.•44 views

CVE-2023-33005

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

5.4CVSS5.5AI score0.00188EPSS

CVE•added 2023/05/16 5:15 p.m.•43 views

CVE-2023-33006

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.

5.4CVSS5.4AI score0.00233EPSS

CVE•added 2023/04/12 6:15 p.m.•42 views

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

4.3CVSS4.5AI score0.00024EPSS

CVE•added 2023/04/12 6:15 p.m.•42 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.

6.5CVSS6.4AI score0.00021EPSS