CVE-2023-24456

Session fixation vulnerability in Jenkins Keycloak Authentication Plugin in maven/org.jenkins-ci.plugins/keycloak

Identifiers

GHSA-9963-gmh8-vvm6, CVE-2023-24456

Package Slug

maven/org.jenkins-ci.plugins/keycloak

Vulnerability

Session fixation vulnerability in Jenkins Keycloak Authentication Plugin

Description

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

Affected Versions

All versions up to 2.3.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27
