Session Fixation Vulnerability in Jenkins OpenId Connect Authentication Plugin
CVE-2024-52553 Published on November 13, 2024

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-52553 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Products Associated with CVE-2024-52553

Want to know whenever a new CVE is published for Jenkins Openid Connect Authentication? stack.watch will email you.

Jenkins Openid Connect Authentication

Affected Versions

Jenkins Project Jenkins OpenId Connect Authentication Plugin:

Before and including 4.418.vccc7061f5b_6d is affected.

jenkins openid:

Before and including 4.418.vccc7061f5b_6d is affected.

Exploit Probability

EPSS

0.28%

Percentile

50.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Session Fixation Vulnerability in Jenkins OpenId Connect Authentication PluginCVE-2024-52553 Published on November 13, 2024

Vulnerability Analysis

Weakness Type

Insufficient Session Expiration

Products Associated with CVE-2024-52553

Affected Versions

Exploit Probability

Session Fixation Vulnerability in Jenkins OpenId Connect Authentication Plugin
CVE-2024-52553 Published on November 13, 2024