cve/CVE-2024-47807.md at 1d6c9cc2d32011b4067709e82e65c19a7c3a8db8

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the iss (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

POC

Reference

No PoCs from references.

Github

https://github.com/fkie-cad/nvd-json-data-feeds

748 B Raw Blame History

CVE-2024-47807

Description

POC

Reference

Github

748 B

Raw Blame History