📦

openid

Vendor: jenkins

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 6 Total Indexed

Avg. EPSS 0.41% Exploit Prob.

Latest CVE CVE-2023-50770 Dec 13

Security Vulnerability Index

Page 1 / 1

6.7 CVSS

CVE-2023-50770

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

EPSS: 0.02%

Severity: MEDIUM

Dec 13, 2023

8.8 CVSS

CVE-2023-24446

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

EPSS: 0.12%

Severity: HIGH

Jan 26, 2023

6.1 CVSS

CVE-2023-24445

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

EPSS: 0.53%

Severity: MEDIUM

Jan 26, 2023

9.8 CVSS

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

EPSS: 1.58%

Severity: CRITICAL

Jan 26, 2023

6.5 CVSS

CVE-2019-1003099

A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

EPSS: 0.07%

Severity: MEDIUM

Apr 04, 2019

6.5 CVSS

CVE-2019-1003098

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

EPSS: 0.13%

Severity: MEDIUM

Apr 04, 2019

Displaying 6 of 6 Total Entries

Total 1 Sections