Jenkins Openid Connect Authentication Plugin CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Jenkins Project Subscriptions

Filtered by product Jenkins Openid Connect Authentication Plugin Subscriptions

Search

Switch to Advanced Search (Beta)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-47806	2 Jenkins, Jenkins Project	2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin	2025-05-06	8.1 High
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
CVE-2024-47807	2 Jenkins, Jenkins Project	2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin	2025-05-06	8.1 High
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

Page 1 of 1.