Vulnerabilities > CVE-2023-24426 - Insufficient Session Expiration vulnerability in Jenkins Azure AD

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jenkins

CWE-613

NVD

Published: 2023-01-26

Updated: 2023-02-03

Summary

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Azure AD 0.1.1 Jenkins Azure AD 0.1.1-1 Jenkins Azure AD 0.2.0 Jenkins Azure AD 0.3.0 Jenkins Azure AD 0.3.1 Jenkins Azure AD 0.3.2 Jenkins Azure AD 0.3.3 Jenkins Azure AD 0.3.4 Jenkins Azure AD 1.0.0 Jenkins Azure AD 1.1.0 Jenkins Azure AD 1.1.1 Jenkins Azure AD 1.1.2 Jenkins Azure AD 1.2.0 Jenkins Azure AD 1.2.1 Jenkins Azure AD 1.2.2 Jenkins Azure AD 1.2.3 Jenkins Azure AD 146.Vb688D1511C38 Jenkins Azure AD 150.Vb3Db9F880321 Jenkins Azure AD 152.V1609Ed460604 Jenkins Azure AD 153.V7Af57B288088 Jenkins Azure AD 154.V12E17A5F9Ea3 Jenkins Azure AD 155.V745Ce80Af7Ea Jenkins Azure AD 157.V2D3D5782A602 Jenkins Azure AD 158.V437429002C6B Jenkins Azure AD 164.V5B48Baa961D2 Jenkins Azure AD 165.V36344B7D7Ca7 Jenkins Azure AD 167.V34C2C5A3A030 Jenkins Azure AD 168.Ve6E7E368Dbf6 Jenkins Azure AD 170.V0A6219442A99 Jenkins Azure AD 171.V9Ef20C94D336 Jenkins Azure AD 172.Vf6A517C3329A Jenkins Azure AD 173.V0A210Fffb510 Jenkins Azure AD 174.Vc2D906355813 Jenkins Azure AD 175.V5513346D764A Jenkins Azure AD 177.V80B6C1591Bf9 Jenkins Azure AD 178.V7B93892Fbe4C Jenkins Azure AD 179.Vf6841393099E Jenkins Azure AD 180.V8B1E80E6F242 Jenkins Azure AD 183.Vf8C6Fa4C6567 Jenkins Azure AD 184.V44F04B65Bdd5 Jenkins Azure AD 185.V3B416408Dcb1 Jenkins Azure AD 188.V2369Adb95A31 Jenkins Azure AD 189.V2Da14Dccdb43 Jenkins Azure AD 190.V872B1977148A Jenkins Azure AD 191.Vfc8019068670 Jenkins Azure AD 194.V70A6D5203Ce4 Jenkins Azure AD 195.V8555A0Bf0D22 Jenkins Azure AD 213.V5B_00Db_295F49 Jenkins Azure AD 218.V90F6A_980B_A_61 Jenkins Azure AD 233.V934E074916C7 Jenkins Azure AD 234.Vb_Ece34Ecd5Ff Jenkins Azure AD 241.Vb_E5Cd7C35B_2E Jenkins Azure AD 267.V5B_Dfb_514D9Fd Jenkins Azure AD 303.Va_91Ef20Ee49F	54

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2980