GHSA-9963-gmh8-vvm6, CVE-2023-24456
maven/org.jenkins-ci.plugins/keycloak
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.
All versions up to 2.3.0
Unfortunately, there is no solution available yet.
2023-01-27
source |