Vulnerability in Jenkins OpenId Connect Authentication Plugin Allowing Unauthorized Access
CVE-2024-47806

Currently unrated

Key Information:

Vendor: Jenkins

CVE Published: 2 October 2024

What is CVE-2024-47806?

The Jenkins OpenId Connect Authentication Plugin does not validate the 'aud' (Audience) claim of an ID Token. This oversight allows an attacker to manipulate the authentication process, potentially gaining unauthorized administrator access to the Jenkins platform. Users of affected versions may face significant security risks, which makes upgrading to a patched version important.
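An added example, not the plugin's own code: the audience check from OpenID Connect Core section 3.1.3.7, applied to ID Token claims that have already been signature-verified. The client ID `jenkins-ci`, the issuer URL and the sample claims are constructed for illustration.

```python
# Audience check for an OIDC ID Token (OpenID Connect Core 3.1.3.7). Input is
# the claims of a token whose signature, issuer and expiry are already verified.


class AudienceError(ValueError):
    """The ID Token was not issued for this client."""


def normalize_aud(claims):
    """Return 'aud' as a list; the claim may be one string or an array."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if not isinstance(aud, list) or not aud:
        raise AudienceError("missing or malformed 'aud' claim")
    if not all(isinstance(a, str) and a for a in aud):
        raise AudienceError("'aud' entries must be non-empty strings")
    return aud


def validate_audience(claims, client_id, trusted_audiences=()):
    """Raise AudienceError unless the token is meant for client_id."""
    aud = normalize_aud(claims)
    if client_id not in aud:
        raise AudienceError("token was issued for a different client")
    extra = [a for a in aud if a != client_id and a not in trusted_audiences]
    if extra:
        raise AudienceError("untrusted additional audience: " + ", ".join(extra))
    azp = claims.get("azp")
    # The spec says SHOULD for both azp rules; this example enforces them.
    if len(aud) > 1 and azp is None:
        raise AudienceError("multiple audiences but no 'azp' claim")
    if azp is not None and azp != client_id:
        raise AudienceError("'azp' names a different client")
    return aud


def is_for_client(claims, client_id, trusted_audiences=()):
    """Boolean wrapper around validate_audience for use in a login filter."""
    try:
        validate_audience(claims, client_id, trusted_audiences)
    except AudienceError:
        return False
    return True


# Constructed sample claims: one IdP, two registered clients (hypothetical names).
FOR_JENKINS = {"iss": "https://idp.example", "sub": "alice", "aud": "jenkins-ci"}
FOR_OTHER_APP = {"iss": "https://idp.example", "sub": "alice", "aud": "wiki-app"}
```

Without this check, `FOR_OTHER_APP` would be accepted on the strength of its valid signature alone, even though the identity provider issued it for a different client.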

Timeline

  • Vulnerability published
