CVE-2023-24426
- Source
- https://cve.org/CVERecord?id=CVE-2023-24426
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24426.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-24426
- Aliases
- Published
- 2023-01-26T21:18:16.913Z
- Modified
- 2026-03-14T12:04:36.571278Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
- References
Affected packages
Git / github.com/jenkinsci/azure-ad-plugin
Affected versions
146.*
146.vb688d1511c38
150.*
150.vb3db9f880321
152.*
152.v1609ed460604
153.*
153.v7af57b288088
154.*
154.v12e17a5f9ea3
155.*
155.v745ce80af7ea
157.*
157.v2d3d5782a602
158.*
158.v437429002c6b
164.*
164.v5b48baa961d2
165.*
165.v36344b7d7ca7
167.*
167.v34c2c5a3a030
168.*
168.ve6e7e368dbf6
170.*
170.v0a6219442a99
171.*
171.v9ef20c94d336
172.*
172.vf6a517c3329a
173.*
173.v0a210fffb510
174.*
174.vc2d906355813
175.*
175.v5513346d764a
177.*
177.v80b6c1591bf9
178.*
178.v7b93892fbe4c
179.*
179.vf6841393099e
180.*
180.v8b1e80e6f242
183.*
183.vf8c6fa4c6567
184.*
184.v44f04b65bdd5
185.*
185.v3b416408dcb1
188.*
188.v2369adb95a31
189.*
189.v2da14dccdb43
191.*
191.vfc8019068670
194.*
194.v70a6d5203ce4
195.*
195.v8555a0bf0d22
213.*
213.v5b_00db_295f49
218.*
218.v90f6a_980b_a_61
233.*
233.v934e074916c7
234.*
234.vb_ece34ecd5ff
241.*
241.vb_e5cd7c35b_2e
267.*
267.v5b_dfb_514d9fd
303.*
303.va_91ef20ee49f
azure-ad-0.*
azure-ad-0.1.1
azure-ad-0.1.1-1
azure-ad-0.2.0
azure-ad-0.3.0
azure-ad-0.3.1
azure-ad-0.3.2
azure-ad-0.3.3
azure-ad-0.3.4
azure-ad-1.*
azure-ad-1.0.0
azure-ad-1.1.0
azure-ad-1.1.1
azure-ad-1.1.2
azure-ad-1.2.0
azure-ad-1.2.1
azure-ad-1.2.2
azure-ad-1.2.3