GHSA-f976-24hc-mjvr, CVE-2023-24444
maven/org.jenkins-ci.plugins/openid
Session fixation vulnerability in Jenkins OpenID Plugin
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
All versions up to 2.4
Unfortunately, there is no solution available yet.
2023-01-27
source |