CVE-2024-47806
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-47806
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47806.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-47806
- Aliases
- Published
- 2024-10-02T16:15:10Z
- Modified
- 2025-05-17T14:23:41.919781Z
- Summary
- [none]
- Details
-
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the
aud(Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. - References
Affected packages
Git / github.com/jenkinsci/oic-auth-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/oic-auth-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.223.v503b_9a_75a_8a_f
4.224.v62720cfa_026e
4.225.v03326773b_44b_
4.227.v36610663f760
4.228.v0c3e8682ff1f
4.229.vf736b_fec02f4
4.236.v4124503b_a_f88
4.238.v0021f710b_b_f4
4.239.v325750a_96f3b_
4.250.v5a_d993226437
4.257.v5360e8489e8b_
4.269.va_7526f34f306
4.279.vca_c1e2fdd24b_
4.284.v0cc21de03d37
4.290.v6f5e8da_e98b_2
4.297.vcddb_d8a_e4694
4.299.v5ca_eb_6a_f3e6d
4.303.v84089a_708ea_7
4.320.v23537cb_a_b_5c6
4.324.vfd49d010926b_
4.329.v994d3f265d68
4.330.v6fdfc07513e3
4.331.vd925b_f76f3a_c
4.340.ve70636c6590e
4.346.v10401f543622
4.350.v347c3b_8b_9d95
4.354.v321ce67a_1de8
Other
next
oic-auth-1.*
oic-auth-1.0
oic-auth-1.1
oic-auth-1.2
oic-auth-1.3
oic-auth-1.4
oic-auth-1.5
oic-auth-1.6
oic-auth-1.7
oic-auth-1.8
oic-auth-2.*
oic-auth-2.0
oic-auth-2.1
oic-auth-2.2
oic-auth-2.3
oic-auth-2.4
oic-auth-2.5
oic-auth-2.6
oic-auth-3.*
oic-auth-3.0