CVE-2023-24456

Critical

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

jenkins·CWE-384·Published 2023-01-24

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

107 chars

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

NVDen

107 chars

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

OSV.deven

107 chars

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

GHSAen

107 chars

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

NVDes

132 chars

El complemento Keycloak Authentication de Jenkins en su versión 2.3.0 y anteriores no invalida la sesión anterior al iniciar sesión.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H