Security Advisory

CVE-2024-47806

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-02 15:35:04

Last updated 2024-10-02 16:37:13

Assigner jenkins

State PUBLISHED

Description

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

← Browse all CVEs View on cve.org ↗