CVE-2024-47806 | THREATINT

Description

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

PUBLISHED Reserved 2024-10-01 | Published 2024-10-02 | Updated 2024-10-02 | Assigner jenkins

Product status

Default status

unaffected

Any version

affected

References

www.jenkins.io/security/advisory/2024-10-02/ (Jenkins Security Advisory 2024-10-02) vendor-advisory

cve.org (CVE-2024-47806)

nvd.nist.gov (CVE-2024-47806)

Download JSON