CVE-2023-24445 - OpenCVE

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

No CVSS v3.0

No CVSS v2

Vendors	Products
Jenkins	Openid

Configuration 1 [-]

cpe:2.3:a:jenkins:openid:*:*:*:*:*:jenkins:*:*

References

Link	Resource
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2997	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2023-01-24T00:00:00

Updated: 2023-10-24T12:48:36.594Z

Reserved: 2023-01-23T00:00:00

Link: CVE-2023-24445

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-01-26T21:18:18.150

Modified: 2023-02-02T16:20:50.117

Link: CVE-2023-24445

JSON object: View

Redhat Information

No data.

CWE