Cross-Site Request Forgery Vulnerability in Jenkins Keycloak Authentication Plugin
CVE-2023-24457

6.5MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Keycloak Authentication Plugin
Vendor
CVE Published:
26 January 2023
đź”” Create Jenkins Vulnerability Alert

What is CVE-2023-24457?

A CSRF vulnerability exists in the Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier, allowing malicious actors to exploit user sessions. By persuading victims to execute a crafted request while they are logged in, attackers can gain unauthorized access to user accounts, jeopardizing sensitive information and user privacy.

Affected Version(s)

Jenkins Keycloak Authentication Plugin <= 2.3.0

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECU...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.