Authentication Bypass in Jenkins OpenId Connect Plugin by Jenkins
CVE-2024-47807
Key Information:
- Vendor: Jenkins
- CVE Published: 2 October 2024
Summary
The Jenkins OpenId Connect Authentication Plugin does not check the 'iss' (Issuer) claim of the ID Token it receives at the end of the OpenID Connect login flow. OpenID Connect requires the relying party to compare that claim with the issuer identifier it was configured to trust; because the plugin skips this comparison, an ID Token that passes its remaining checks is accepted regardless of which identity provider issued it. An attacker who can get the plugin to accept such a token can subvert the authentication flow and potentially obtain administrator access to the Jenkins instance, putting the credentials, build secrets and configuration held by the controller at risk.
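The following is an added illustration of the missing check, written for this page in Python rather than taken from the plugin (which is Java) or from the Jenkins advisory. It builds two ID Tokens that are identical except for their 'iss' claim, then validates them once the way a relying party that skips the issuer comparison would, and once with the comparison in place. The tokens are HS256-signed with a single shared secret so the example runs offline; real providers publish RS256/ES256 keys via JWKS, and the secret, issuer URLs, client ID and subjects are all constructed values, not from the original page.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_id_token(claims: dict, key: bytes) -> str:
    """Build an HS256-signed JWT. Constructed for this example only; OIDC
    providers normally sign with RS256/ES256 keys published via JWKS."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenRejected(Exception):
    pass


def validate_id_token(token, key, expected_issuer, client_id,
                      check_issuer=True, now=None):
    """Verify signature, exp and aud; verify iss only when check_issuer is
    True (the vulnerable behaviour is check_issuer=False). Returns claims."""
    try:
        h64, p64, s64 = token.split(".")
    except ValueError:
        raise TokenRejected("malformed token")
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")  # never let the token pick the algorithm
    expected_sig = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s64)):
        raise TokenRejected("bad signature")
    claims = json.loads(_b64url_decode(p64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise TokenRejected("expired")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise TokenRejected("audience mismatch")
    # OIDC Core 3.1.3.7: iss MUST exactly match the configured issuer identifier.
    if check_issuer and claims.get("iss") != expected_issuer:
        raise TokenRejected("issuer mismatch")
    return claims


# Constructed values for the demonstration.
KEY = b"shared-signing-key"          # one key for both issuers, for illustration
CLIENT_ID = "jenkins"
TRUSTED_ISSUER = "https://idp.example.com"
ROGUE_ISSUER = "https://attacker.example.net"


def demo(now=1_700_000_000):
    base = {"aud": CLIENT_ID, "iat": now, "exp": now + 300}
    rogue = make_id_token({**base, "iss": ROGUE_ISSUER, "sub": "admin"}, KEY)
    legit = make_id_token({**base, "iss": TRUSTED_ISSUER, "sub": "alice"}, KEY)
    results = {}
    # Vulnerable path: iss is never compared, so the rogue token logs in as "admin".
    claims = validate_id_token(rogue, KEY, TRUSTED_ISSUER, CLIENT_ID,
                               check_issuer=False, now=now)
    results["vulnerable_accepts_rogue"] = claims["sub"] == "admin"
    # Fixed path: same token is rejected because its issuer is not the configured one.
    try:
        validate_id_token(rogue, KEY, TRUSTED_ISSUER, CLIENT_ID, now=now)
        results["fixed_rejects_rogue"] = False
    except TokenRejected:
        results["fixed_rejects_rogue"] = True
    # Fixed path still accepts a token from the configured issuer.
    claims = validate_id_token(legit, KEY, TRUSTED_ISSUER, CLIENT_ID, now=now)
    results["fixed_accepts_legit"] = claims["sub"] == "alice"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the example is that signature, expiry and audience checks are not a substitute for the issuer comparison: any token the relying party can cryptographically verify but that names a different issuer must still be refused, and the comparison has to be an exact string match against the configured issuer, not a prefix or hostname check.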
Timeline
- Vulnerability published: 2 October 2024