Vulnerabilities > Jenkins > CAS > 1.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-16 | CVE-2023-32997 | Session Fixation vulnerability in Jenkins CAS Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | 8.8 |
2021-06-30 | CVE-2021-21673 | Unspecified vulnerability in Jenkins CAS Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 6.1 |