GHSA-vxmh-p52j-h33m, CVE-2023-24424
maven/org.jenkins-ci.plugins/oic-auth
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
All versions before 2.5
Upgrade to version 2.5 or above.
2023-01-27
source |