Vulnerabilities > Jenkins > Openid > 1.1

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-50770 Insufficiently Protected Credentials vulnerability in Jenkins Openid
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.
local
low complexity
jenkins CWE-522
6.7
6.7
2023-12-13 CVE-2023-50771 Open Redirect vulnerability in Jenkins Openid
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
network
low complexity
jenkins CWE-601
6.1
6.1
2023-01-26 CVE-2023-24444 Improper Resource Shutdown or Release vulnerability in Jenkins Openid
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-404
critical
 9.8
9.8
2023-01-26 CVE-2023-24445 Open Redirect vulnerability in Jenkins Openid
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
network
low complexity
jenkins CWE-601
6.1
6.1
2023-01-26 CVE-2023-24446 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openid
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.
network
low complexity
jenkins CWE-352
8.8
8.8
2019-04-04 CVE-2019-1003099 Missing Authorization vulnerability in Jenkins Openid
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
network
low complexity
jenkins CWE-862
6.5
6.5