Authentication Bypass in Jenkins OpenId Connect Plugin by Jenkins

CVE-2024-47807

What is CVE-2024-47807?

The OpenId Connect Authentication Plugin for Jenkins fails to verify the 'iss' (Issuer) claim in the ID Token, which allows attackers to manipulate the authentication process. This flaw could enable unauthorized users to gain administrative access to Jenkins instances, posing a substantial risk to sensitive data and server integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References