Security Advisory

CVE-2025-47889

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-14 20:35:58

Last updated 2025-05-19 15:25:14

Assigner jenkins

State PUBLISHED

Description

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

← Browse all CVEs View on cve.org ↗