Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:jenkins:openid_connect_authentication:1.0:*:*:*:*:jenkins:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-24424 |
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. Published: January 26, 2023; 4:18:16 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2019-1003021 |
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. Published: February 06, 2019; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |