CVE-2023-24424

HIGH

Jenkins OpenId Connect Authentication Plugin <2.4 - Auth Bypass

Title source: llm
STIX 2.1

Description

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

References (1)

Scores

CVSS v3 8.8
EPSS 0.0047
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-384
Status published
Products (2)
jenkins/openid_connect_authentication < 2.5
org.jenkins-ci.plugins/oic-auth 0 - 2.5Maven
Published Jan 26, 2023
Tracked Since Feb 18, 2026