org.jenkins-ci.plugins:oic-auth
Maven package. 7 known CVEs affecting this package.
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:oic-auth
- CVE-2019-1003021 | MEDIUM | CVSS 4.3 | EG 4.3 | Fixed in 1.5 | Published 2019-02-06
vulnerable: 1.0, 1.1, 1.2, 1.3, 1.4
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or …
- CVE-2023-24424 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 2.5 | Published 2023-01-26
vulnerable: 1.0 ... 2.4 (14 versions)
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
- CVE-2023-50770 | MEDIUM | CVSS 6.7 | EG 6.7 | Fixed in 4.229.vf736b | Published 2023-12-13
vulnerable: 1.0 ... 4.228.v0c3e8682ff1f (23 versions)
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover…
- CVE-2023-50771 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 3.0 | Published 2023-12-13
vulnerable: 1.0 ... 2.6 (16 versions)
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
- CVE-2024-47806 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 4.355.v3a | Published 2024-10-02
vulnerable: 1.0 ... 4.354.v321ce67a_1de8 (45 versions)
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenk…
- CVE-2024-47807 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 4.355.v3a | Published 2024-10-02
vulnerable: 1.0 ... 4.354.v321ce67a_1de8 (45 versions)
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkin…
- CVE-2024-52553 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 4.421.v5422614eb | Published 2024-11-13
vulnerable: 1.0 ... 4.418.vccc7061f5b_6d (51 versions)
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.