CVE-2023-32997

HIGH

Jenkins CAS Plugin <1.6.2 - Auth Bypass

Title source: llm
STIX 2.1

Description

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0079
EPSS Percentile 51.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-384
Status published
Products (2)
jenkins/cas < 1.6.2
org.jenkins-ci.plugins/cas-plugin 0 - 1.6.3Maven
Published May 16, 2023
Tracked Since Feb 18, 2026