CVE-2023-24424

High

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

jenkins·CWE-384·Published 2023-01-24

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

111 chars

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

NVDen

111 chars

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

OSV.deven

111 chars

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

GHSAen

111 chars

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

NVDes

132 chars

El complemento OpenId Connect Authentication 2.4 de Jenkins y versiones anteriores no invalida la sesión anterior al iniciar sesión.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H