CVE-2024-52553

Source
https://cve.org/CVERecord?id=CVE-2024-52553
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52553.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52553
Aliases
Published
2024-11-13T21:15:29.473Z
Modified
2026-04-12T09:00:30.141268Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

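Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. Because the session that existed before authentication stays valid afterwards, this is a session-fixation weakness: a party that already knows that session's identifier holds the authenticated user's access once the login completes. The UI:R component of the CVSS vector above is consistent with this, since the victim has to perform the login. The version data below lists 4.421.v5422614eb_e0a as the fixed release, so installations on any affected version should upgrade to that release or later.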

References

Affected packages

Git / github.com/jenkinsci/oic-auth-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/oic-auth-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.421.v5422614eb_e0a"
        }
    ]
}

Affected versions

4.*
4.223.v503b_9a_75a_8a_f
4.224.v62720cfa_026e
4.225.v03326773b_44b_
4.227.v36610663f760
4.228.v0c3e8682ff1f
4.229.vf736b_fec02f4
4.236.v4124503b_a_f88
4.238.v0021f710b_b_f4
4.239.v325750a_96f3b_
4.250.v5a_d993226437
4.257.v5360e8489e8b_
4.269.va_7526f34f306
4.279.vca_c1e2fdd24b_
4.284.v0cc21de03d37
4.290.v6f5e8da_e98b_2
4.297.vcddb_d8a_e4694
4.299.v5ca_eb_6a_f3e6d
4.303.v84089a_708ea_7
4.320.v23537cb_a_b_5c6
4.324.vfd49d010926b_
4.329.v994d3f265d68
4.330.v6fdfc07513e3
4.331.vd925b_f76f3a_c
4.340.ve70636c6590e
4.346.v10401f543622
4.350.v347c3b_8b_9d95
4.354.v321ce67a_1de8
4.355.v3a_fb_fca_b_96d4
4.371.vc7c0c06e8a_f5
4.388.v4f73328eb_d2c
4.409.ve864b_f48b_0f3
4.411.v990b_9d36e74e
4.418.vccc7061f5b_6d
Other
next
oic-auth-1.*
oic-auth-1.0
oic-auth-1.1
oic-auth-1.2
oic-auth-1.3
oic-auth-1.4
oic-auth-1.5
oic-auth-1.6
oic-auth-1.7
oic-auth-1.8
oic-auth-2.*
oic-auth-2.0
oic-auth-2.1
oic-auth-2.2
oic-auth-2.3
oic-auth-2.4
oic-auth-2.5
oic-auth-2.6
oic-auth-3.*
oic-auth-3.0

Database specific

vanir_signatures_modified
"2026-04-12T09:00:30Z"
vanir_signatures
[
    {
        "id": "CVE-2024-52553-4be50e81",
        "target": {
            "file": "src/test/java/org/jenkinsci/plugins/oic/PluginTest.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "85958434038394528563344181650085846055",
                "28581322097076412153196082635493811793",
                "127461879476717237206713694832372004346",
                "314025425150922236756852354014811777633",
                "211744667702184678182064837970714464554",
                "161733928719772426897844175511315516178",
                "268378657728299081093419111016272250730",
                "19811698215051908548621808648409723439",
                "68303063745719968187495743364393280117",
                "259676973836520502843997503335198219760",
                "292482339705459024377242425053008321141",
                "192598324072170556479418627424168498656",
                "248352522885441057856396616556068214350",
                "38705883804530816157035996504919150323",
                "337419942880861124058043119112535989521",
                "252390371685089601409688651288883252339"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/oic-auth-plugin/commit/5422614ebe0ade06fd07aaa2863499ad59946990",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-52553-8c53fb31",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java",
            "function": "doFinishLogin"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "291317090383316914928693415159409958045",
            "length": 1357.0
        },
        "signature_type": "Function",
        "source": "https://github.com/jenkinsci/oic-auth-plugin/commit/5422614ebe0ade06fd07aaa2863499ad59946990",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-52553-d1cd08aa",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "309263351833276198883034355050359779552",
                "233269332194017814631750250782657193003",
                "249016069532957364862054562179285209760"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/oic-auth-plugin/commit/5422614ebe0ade06fd07aaa2863499ad59946990",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52553.json"