cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24399,https://securityvulnerability.io/vulnerability/CVE-2025-24399,Case Insensitivity Vulnerability in Jenkins OpenId Connect Authentication Plugin,"The Jenkins OpenId Connect Authentication Plugin misinterprets username case sensitivity, enabling attackers to log in as any user. This flaw occurs in versions 4.452.v2849b_d3945fa_ and earlier, affecting Jenkins configurations that utilize case-sensitive OpenID Connect providers. By submitting a username with a different letter casing, an attacker can potentially gain unauthorized access, including administrative privileges, leading to significant security risks.",Jenkins,Jenkins Openid Connect Authentication Plugin,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:52.963Z,0
CVE-2023-50771,https://securityvulnerability.io/vulnerability/CVE-2023-50771,OpenId Connect Authentication Plugin Vulnerability in Jenkins,"The Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier contain a vulnerability that fails to correctly validate the redirect URL after login. This oversight allows malicious actors to redirect users to fraudulent sites, potentially enabling phishing attacks that can compromise sensitive credentials. It is essential for users of affected versions to apply the latest updates to mitigate this risk and enhance security.",Jenkins,Jenkins OpenId Connect Authentication Plugin,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-50770,https://securityvulnerability.io/vulnerability/CVE-2023-50770,OpenId Connect Authentication Plugin Vulnerability in Jenkins,"The Jenkins OpenId Connect Authentication Plugin prior to version 2.6 contains a vulnerability where the password for a local user account is stored in a recoverable format. This design flaw permits attackers with access to the Jenkins controller file system to extract the plain text password easily. Consequently, such attackers could potentially gain unauthorized administrator access to the Jenkins instance, compromising the integrity and security of the environment.",Jenkins,Jenkins OpenId Connect Authentication Plugin,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-24424,https://securityvulnerability.io/vulnerability/CVE-2023-24424,Session Management Flaw in Jenkins OpenId Connect Authentication Plugin,"The Jenkins OpenId Connect Authentication Plugin versions 2.4 and earlier suffer from a session management vulnerability where the application does not properly invalidate the previous session upon user login. This flaw allows an attacker to potentially exploit existing session tokens, which can lead to unauthorized access to user accounts and sensitive information. It is critical for users to ensure that their installations of this plugin are updated to mitigate this risk and enhance their overall security posture.",Jenkins,Jenkins OpenId Connect Authentication Plugin,8.8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2019-1003021,https://securityvulnerability.io/vulnerability/CVE-2019-1003021,,"An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.",Jenkins,Jenkins Openid Connect Authentication Plugin,4.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0