Rewterz Threat Advisory – CVE-2023-24424 – Jenkins OpenId Connect Authentication Plugin Vulnerability
January 26, 2023
Rewterz Threat Alert – Trickbot Malware – Active IOCs
January 26, 2023
Severity
High
Analysis Summary
CVE-2023-24426
Jenkins Azure AD Plugin could allow a remote attacker to bypass security restrictions, caused by a failure to invalidate the existing session on login. By using social engineering techniques, an attacker could exploit this vulnerability to gain administrator access to Jenkins.
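The flaw class described above (the session that existed before login is not invalidated) is shown here as an added example, not code from the Jenkins Azure AD Plugin or from the advisory. It uses a toy in-memory session store, with all class and function names hypothetical, to compare a login that keeps the pre-login session ID with one that invalidates it and issues a new one.

```python
import secrets


class SessionStore:
    """Toy server-side session table: session ID -> attributes (hypothetical)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        """Create an unauthenticated session and return its ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        """Return the user bound to a session ID, or None."""
        return self._sessions.get(sid, {}).get("user")

    def login_keep_session(self, sid, user):
        """Flawed pattern: authenticate in place, keeping the pre-login ID."""
        self._sessions.setdefault(sid, {})["user"] = user
        return sid

    def login_rotate_session(self, sid, user):
        """Hardened pattern: invalidate the pre-login session, issue a new ID."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def pre_login_id_is_authenticated(login_method_name):
    """Regression check: True if the session ID that existed before login
    carries the authenticated identity afterwards (login did not invalidate it)."""
    store = SessionStore()
    pre_login_sid = store.create()  # ID that existed before authentication
    login = getattr(store, login_method_name)
    post_login_sid = login(pre_login_sid, "admin")  # constructed sample user
    if store.user_for(post_login_sid) != "admin":
        raise RuntimeError("login did not bind the user to the returned session")
    return store.user_for(pre_login_sid) == "admin"


if __name__ == "__main__":
    for name in ("login_keep_session", "login_rotate_session"):
        print(name, "-> pre-login ID authenticated:",
              pre_login_id_is_authenticated(name))
```

The same check, run against a real login flow in a test environment, is a quick way to confirm that an upgrade or workaround actually retires the pre-login session.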
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-24426
Affected Vendors
Jenkins
Affected Products
- Jenkins Azure AD Plugin 303.va_91ef20ee49f
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.