Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins openid vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openid
4
CVSSv2
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Openid
NA
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid
NA
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Jenkins Openid
NA
CVE-2023-24446
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Openid
NA
CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of tha...
Jenkins Openid
NA
CVE-2023-50771
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openid
4.3
CVSSv2
CVE-2019-1003021
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and previous versions in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. ...
Jenkins Openid Connect Authentication
NA
CVE-2023-24424
Jenkins OpenId Connect Authentication Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid Connect Authentication
NA
CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely r...
Eclipse Jetty 12.0.0
Eclipse Jetty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »