GHSA-h23j-73ww-7594

Suggest an improvement
Source
https://github.com/advisories/GHSA-h23j-73ww-7594
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-h23j-73ww-7594/GHSA-h23j-73ww-7594.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-h23j-73ww-7594
Aliases
  • CVE-2024-52553
Published
2024-11-13T21:30:38Z
Modified
2024-11-14T16:12:43.585468Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Details

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. OpenId Connect Authentication Plugin 4.421.v5422614ebe0a_ invalidates the existing session on login.

Database specific
{
    "nvd_published_at": "2024-11-13T21:15:29Z",
    "cwe_ids": [
        "CWE-384",
        "CWE-613"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-14T15:37:51Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:oic-auth

Package

Name
org.jenkins-ci.plugins:oic-auth
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/oic-auth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.421.v5422614eb

Affected versions

1.*

1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8

2.*

2.0.0
2.1
2.2
2.3
2.4
2.5
2.6

3.*

3.0

4.*

4.220.v22331f08e6a_3
4.223.v503b_9a_75a_8a_f
4.224.v62720cfa_026e
4.225.v03326773b_44b_
4.227.v36610663f760
4.228.v0c3e8682ff1f
4.229.vf736b_fec02f4
4.236.v4124503b_a_f88
4.238.v0021f710b_b_f4
4.239.v325750a_96f3b_
4.250.v5a_d993226437
4.257.v5360e8489e8b_
4.269.va_7526f34f306
4.279.vca_c1e2fdd24b_
4.284.v0cc21de03d37
4.290.v6f5e8da_e98b_2
4.297.vcddb_d8a_e4694
4.299.v5ca_eb_6a_f3e6d
4.303.v84089a_708ea_7
4.320.v23537cb_a_b_5c6
4.324.vfd49d010926b_
4.329.v994d3f265d68
4.330.v6fdfc07513e3
4.331.vd925b_f76f3a_c
4.340.ve70636c6590e
4.346.v10401f543622
4.350.v347c3b_8b_9d95
4.354.v321ce67a_1de8
4.355.v3a_fb_fca_b_96d4
4.371.vc7c0c06e8a_f5
4.388.v4f73328eb_d2c
4.409.ve864b_f48b_0f3
4.411.v990b_9d36e74e
4.418.vccc7061f5b_6d