CVE-2023-24444

Session fixation vulnerability in Jenkins OpenID Plugin in maven/org.jenkins-ci.plugins/openid

Identifiers

GHSA-f976-24hc-mjvr, CVE-2023-24444

Package Slug

maven/org.jenkins-ci.plugins/openid

Vulnerability

Session fixation vulnerability in Jenkins OpenID Plugin

Description

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

Affected Versions

All versions up to 2.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27
