Authentication Bypass Vulnerability in WSO2 Oauth Plugin for Jenkins
CVE-2025-47889

9.8CRITICAL

Key Information:

Vendor: Jenkins
Status: Jenkins Wso2 Oauth Plugin
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-47889?

The WSO2 Oauth Plugin for Jenkins allows attackers to bypass authentication mechanisms due to the acceptance of unvalidated authentication claims. This vulnerability permits unauthorized individuals to log in by providing any username and password combination, even if the username does not exist. Such weaknesses expose Jenkins environments to significant security threats, enabling attackers to gain access to sensitive functionalities without proper credentials.

Affected Version(s)

Jenkins WSO2 Oauth Plugin 1.0

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECU...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
May 13, 2025