Vulnerabilities > Jenkins > CAS > 1.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-32997 | Session Fixation vulnerability in Jenkins CAS Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | 8.8 |
| 2021-06-30 | CVE-2021-21673 | Unspecified vulnerability in Jenkins CAS Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 6.1 |
| 2018-06-05 | CVE-2018-1000188 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins CAS A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 5.5 |