CVE-2023-24445

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-24445

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24445.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-24445

Aliases

GHSA-mj62-m63x-mh84

Published

2023-01-26T21:18:18.150Z

Modified

2026-03-11T15:03:25.409362Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2997

Affected packages

Git / github.com/jenkinsci/openid-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/openid-plugin

Events

Introduced

Last affected

2b0313be8be7b19375de324a9f0e115e711be481

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4"
        }
    ]
}

Affected versions

openid-1.*

openid-1.0

openid-1.1

openid-1.2

openid-1.3

openid-1.4

openid-1.5

openid-1.6

openid-1.7

openid-1.8

openid-2.*

openid-2.0

openid-2.1

openid-2.1.1

openid-2.2

openid-2.3

openid-2.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24445.json"