Rewterz Threat Advisory – Multiple Jenkins Semantic Versioning Plugin Vulnerabilities
January 26, 2023
Rewterz Threat Advisory – CVE-2023-24426 – Jenkins Azure AD Plugin Vulnerability
January 26, 2023
Severity
High
Analysis Summary
CVE-2023-24424
Jenkins OpenId Connect Authentication Plugin could allow a remote attacker to bypass security restrictions because it does not invalidate the existing session on login. By using social engineering techniques, an attacker could exploit this vulnerability to gain administrator access to Jenkins.
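The flaw class described above, a session that exists before login and is kept after authentication, shown as an added example that is not the plugin's code: a constructed in-memory session store with the flawed login beside a hardened one that issues a new session ID, plus a regression check a defender can adapt to a real login flow. All class and function names are hypothetical.

```python
import secrets


class SessionStore:
    """Constructed in-memory stand-in for a web container's session table."""

    def __init__(self):
        self._sessions = {}  # session ID -> authenticated user (None = anonymous)

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def login_keep_session(self, presented_sid, user):
        """Flawed: the ID the browser held before login is reused afterwards."""
        sid = presented_sid if presented_sid in self._sessions else self.create()
        self._sessions[sid] = user
        return sid

    def login_rotate_session(self, presented_sid, user):
        """Hardened: invalidate the presented ID, then bind the user to a new one."""
        self._sessions.pop(presented_sid, None)
        sid = self.create()
        self._sessions[sid] = user
        return sid


def check_login(method_name, user="admin"):
    """Regression check for a login flow.

    Returns (old_id_authenticated, id_changed): a safe flow yields (False, True).
    """
    store = SessionStore()
    pre_login_sid = store.create()  # ID that existed before authentication
    post_login_sid = getattr(store, method_name)(pre_login_sid, user)
    old_id_authenticated = store.user_for(pre_login_sid) is not None
    return old_id_authenticated, post_login_sid != pre_login_sid


if __name__ == "__main__":
    for name in ("login_keep_session", "login_rotate_session"):
        print(name, check_login(name))
```

The same two assertions (the pre-login ID no longer resolves to a user, and the ID changed) can be run against a staging instance's login flow after upgrading.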
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-24424
Affected Vendors
Jenkins
Affected Products
- Jenkins OpenId Connect Authentication Plugin 2.4
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.