Vulnerabilities > Jenkins > CAS

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-05-16 | CVE-2023-32997 | Session Fixation vulnerability in Jenkins CAS | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | network | low complexity | jenkins | CWE-384 | 8.8 |
| 2021-06-30 | CVE-2021-21673 | Unspecified vulnerability in Jenkins CAS | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | network | low complexity | jenkins | | 6.1 |
| 2018-06-05 | CVE-2018-1000188 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins CAS | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | network | low complexity | jenkins | CWE-918 | 5.5 |