OpenId Connect Authentication Plugin Vulnerability in Jenkins
CVE-2023-50771

6.1MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Openid Connect Authentication Plugin
Vendor: CVE Published:; 13 December 2023

Summary

The Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier contain a vulnerability that fails to correctly validate the redirect URL after login. This oversight allows malicious actors to redirect users to fraudulent sites, potentially enabling phishing attacks that can compromise sensitive credentials. It is essential for users of affected versions to apply the latest updates to mitigate this risk and enhance security.

Affected Version(s)

Jenkins OpenId Connect Authentication Plugin 0 <= 2.6

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Dec 13, 2023