GHSA-rwg5-2pv9-633w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rwg5-2pv9-633w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-rwg5-2pv9-633w/GHSA-rwg5-2pv9-633w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rwg5-2pv9-633w
- Aliases
-
- CVE-2023-37946
- Published
- 2023-07-12T18:30:38Z
- Modified
- 2024-02-16T08:20:41.158673Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins OpenShift Login Plugin session fixation vulnerability
- Details
-
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb1a20 and earlier does not invalidate the existing session on login.
This allows attackers to use social engineering techniques to gain administrator access to Jenkins.
OpenShift Login Plugin 1.1.0.230.v5d7030b_f5432 invalidates the existing session on login.
- Database specific
{ "nvd_published_at": "2023-07-12T16:15:13Z", "cwe_ids": [ "CWE-384" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-12T22:31:59Z" }- References
Affected packages
Maven / org.openshift.jenkins:openshift-login
Package
- Name
- org.openshift.jenkins:openshift-login
- View open source insights on deps.dev
- Purl
- pkg:maven/org.openshift.jenkins/openshift-login
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.0.230.v5d7030b
Affected versions
0.*
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.1.0.227.v27e08dfb_1a_20