Jenkins Openid Connect Authentication
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Jenkins Openid Connect Authentication.
By the Year
In 2025 there have been 1 vulnerability in Jenkins Openid Connect Authentication. Last year, in 2024 Openid Connect Authentication had 3 security vulnerabilities published. Right now, Openid Connect Authentication is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 0.00 |
| 2024 | 3 | 0.00 |
| 2023 | 2 | 7.45 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 4.30 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Openid Connect Authentication vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Openid Connect Authentication Security Vulnerabilities
Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username
CVE-2025-24399
- January 22, 2025
Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins.
Session Fixation Vulnerability in Jenkins OpenId Connect Authentication Plugin
CVE-2024-52553
- November 13, 2024
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token
CVE-2024-47807
- October 02, 2024
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token
CVE-2024-47806
- October 02, 2024
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines
CVE-2023-50771
6.1 - Medium
- December 13, 2023
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
Open Redirect
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2023-24424
8.8 - High
- January 26, 2023
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
Session Fixation
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly
CVE-2019-1003021
4.3 - Medium
- February 06, 2019
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Openid Connect Authentication or by Jenkins? Click the Watch button to subscribe.
