Vulnerabilities > Jenkins > Openid Connect Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-50771 Open Redirect vulnerability in Jenkins Openid Connect Authentication
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
network
low complexity
jenkins CWE-601
6.1
2023-01-26 CVE-2023-24424 Session Fixation vulnerability in Jenkins Openid Connect Authentication
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
8.8
2019-02-06 CVE-2019-1003021 Information Exposure vulnerability in Jenkins Openid Connect Authentication
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g.
network
low complexity
jenkins CWE-200
4.3