Cross-Site Request Forgery Vulnerability in Jenkins Keycloak Authentication Plugin
CVE-2023-24457

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Keycloak Authentication Plugin
Vendor: CVE Published:; 26 January 2023

Summary

A CSRF vulnerability exists in the Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier, allowing malicious actors to exploit user sessions. By persuading victims to execute a crafted request while they are logged in, attackers can gain unauthorized access to user accounts, jeopardizing sensitive information and user privacy.

Affected Version(s)

Jenkins Keycloak Authentication Plugin <= 2.3.0

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECU...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 23, 2023