Jenkins - Keycloak Authentication CVE

Filtered by vendor Jenkins Subscriptions

Filtered by product Keycloak Authentication Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-24457	1 Jenkins	1 Keycloak Authentication	2023-10-24	6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2023-24456	1 Jenkins	1 Keycloak Authentication	2023-10-24	9.8 Critical
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

Page 1 of 1.