Jenkins Openid Connect Authentication
By the Year
In 2023 there have been 1 vulnerability in Jenkins Openid Connect Authentication with an average score of 8.8 out of ten. Openid Connect Authentication did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 8.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 4.30 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Openid Connect Authentication vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Openid Connect Authentication Security Vulnerabilities
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2023-24424
8.8 - High
- January 26, 2023
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
Session Fixation
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly
CVE-2019-1003021
4.3 - Medium
- February 06, 2019
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Openid Connect Authentication or by Jenkins? Click the Watch button to subscribe.
