CVE-2025-47889 | THREATINT

Description

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

PUBLISHED Reserved 2025-05-13 | Published 2025-05-14 | Updated 2025-05-19 | Assigner jenkins

Product status

Default status

unknown

1.0

affected

References

www.jenkins.io/security/advisory/2025-05-14/ (Jenkins Security Advisory 2025-05-14) vendor-advisory

cve.org (CVE-2025-47889)

nvd.nist.gov (CVE-2025-47889)

Download JSON