Advisories for Maven/Org.jenkins-Ci.plugins/Keycloak package

2023

Session fixation vulnerability in Jenkins Keycloak Authentication Plugin

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

Cross-Site Request Forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.