OpenId Connect Authentication Plugin Vulnerability in Jenkins
CVE-2023-50771
6.1MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 13 December 2023
What is CVE-2023-50771?
The Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier contain a vulnerability that fails to correctly validate the redirect URL after login. This oversight allows malicious actors to redirect users to fraudulent sites, potentially enabling phishing attacks that can compromise sensitive credentials. It is essential for users of affected versions to apply the latest updates to mitigate this risk and enhance security.
Affected Version(s)
Jenkins OpenId Connect Authentication Plugin 0 <= 2.6