Vulnerability in Jenkins OpenId Connect Authentication Plugin Allowing Unauthorized Access
CVE-2024-47806
Key Information:
- Vendor: Jenkins
- CVE Published: 2 October 2024
Summary
The Jenkins OpenId Connect Authentication Plugin does not validate the 'aud' (Audience) claim of an ID Token, so it does not confirm that the token was actually issued for Jenkins as the intended recipient. This oversight allows an attacker to manipulate the authentication process and potentially gain unauthorized administrator access to the Jenkins instance. Users of affected versions therefore face a significant security risk, and upgrading to a patched version is strongly advised.
Timeline
Vulnerability published