OpenId Connect Authentication Plugin Vulnerability in Jenkins
CVE-2023-50771

6.1MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Openid Connect Authentication Plugin
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-50771?

The Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier contain a vulnerability that fails to correctly validate the redirect URL after login. This oversight allows malicious actors to redirect users to fraudulent sites, potentially enabling phishing attacks that can compromise sensitive credentials. It is essential for users of affected versions to apply the latest updates to mitigate this risk and enhance security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins OpenId Connect Authentication Plugin 0 <= 2.6

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Dec 13, 2023

JSON

Jenkins