CVE-2023-33005: Jenkins WSO2 Oauth Plugin Session Fixation vulnerability

May 16, 2023 (updated May 17, 2023)

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

References

github.com/advisories/GHSA-xxq2-74hw-vg6m
nvd.nist.gov/vuln/detail/CVE-2023-33005
www.jenkins.io/security/advisory/2023-05-16/

Detect and mitigate CVE-2023-33005 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →