Jenkins OpenId Connect Auth Plugin <2.6 Plaintext Password Exposure
CVE-2023-50770 Published on December 13, 2023

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

Vendor Advisory NVD

Products Associated with CVE-2023-50770

Want to know whenever a new CVE is published for Jenkins Openid? stack.watch will email you.

Jenkins Openid

Affected Versions

Jenkins Project Jenkins OpenId Connect Authentication Plugin:

Before and including 2.6 is affected.

Exploit Probability

EPSS

0.01%

Percentile

1.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins OpenId Connect Auth Plugin <2.6 Plaintext Password ExposureCVE-2023-50770 Published on December 13, 2023

Products Associated with CVE-2023-50770

Affected Versions

Exploit Probability

Jenkins OpenId Connect Auth Plugin <2.6 Plaintext Password Exposure
CVE-2023-50770 Published on December 13, 2023