CVE-2023-24424

Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin in maven/org.jenkins-ci.plugins/oic-auth

Identifiers

GHSA-vxmh-p52j-h33m, CVE-2023-24424

Package Slug

maven/org.jenkins-ci.plugins/oic-auth

Vulnerability

Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin

Description

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

Affected Versions

All versions before 2.5

Solution

Upgrade to version 2.5 or above.

Last Modified

2023-01-27
