GHSA-h23j-73ww-7594
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h23j-73ww-7594
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-h23j-73ww-7594/GHSA-h23j-73ww-7594.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h23j-73ww-7594
- Aliases
-
- CVE-2024-52553
- Published
- 2024-11-13T21:30:38Z
- Modified
- 2024-11-14T16:42:29.856330Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
- Details
-
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. OpenId Connect Authentication Plugin 4.421.v5422614ebe0a_ invalidates the existing session on login.
- References
Affected packages
Maven / org.jenkins-ci.plugins:oic-auth
Package
- Name
- org.jenkins-ci.plugins:oic-auth
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/oic-auth
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.421.v5422614eb
Affected versions
1.*
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
2.*
2.0.0
2.1
2.2
2.3
2.4
2.5
2.6
3.*
3.0
4.*
4.220.v22331f08e6a_3
4.223.v503b_9a_75a_8a_f
4.224.v62720cfa_026e
4.225.v03326773b_44b_
4.227.v36610663f760
4.228.v0c3e8682ff1f
4.229.vf736b_fec02f4
4.236.v4124503b_a_f88
4.238.v0021f710b_b_f4
4.239.v325750a_96f3b_
4.250.v5a_d993226437
4.257.v5360e8489e8b_
4.269.va_7526f34f306
4.279.vca_c1e2fdd24b_
4.284.v0cc21de03d37
4.290.v6f5e8da_e98b_2
4.297.vcddb_d8a_e4694
4.299.v5ca_eb_6a_f3e6d
4.303.v84089a_708ea_7
4.320.v23537cb_a_b_5c6
4.324.vfd49d010926b_
4.329.v994d3f265d68
4.330.v6fdfc07513e3
4.331.vd925b_f76f3a_c
4.340.ve70636c6590e
4.346.v10401f543622
4.350.v347c3b_8b_9d95
4.354.v321ce67a_1de8
4.355.v3a_fb_fca_b_96d4
4.371.vc7c0c06e8a_f5
4.388.v4f73328eb_d2c
4.409.ve864b_f48b_0f3
4.411.v990b_9d36e74e
4.418.vccc7061f5b_6d