Jenkins Cas
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Cas. Last year Cas had 1 security vulnerability published. Right now, Cas is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 8.80 |
2022 | 0 | 0.00 |
2021 | 1 | 6.10 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 5.40 |
It may take a day or so for new Cas vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Cas Security Vulnerabilities
CVE-2023-32997
8.8 - High
May 16, 2023
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
Session Fixation
CVE-2021-21673
6.1 - Medium
June 30, 2021
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVE-2018-1000188
5.4 - Medium
June 05, 2018
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
XSPA