Jenkins Openid Connect Authentication — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Openid Connect Authentication, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-52553 — CVSS 8.8 (high): Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2023-24424 — CVSS 8.8 (high): Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2024-47806 — CVSS 8.1 (high): Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token…
CVE-2024-47807 — CVSS 8.1 (high): Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token…
CVE-2023-50771 — CVSS 6.1 (medium): Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing…
CVE-2019-1003021 — CVSS 4.3 (medium): An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in…