
{
"id": "CVE-2025-24399",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2025-01-22T17:15:13.853",
"lastModified": "2025-02-18T20:15:31.523",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins."
},
{
"lang": "es",
"value": "El complemento de autenticaci\u00f3n de Jenkins OpenId Connect 4.452.v2849b_d3945fa_ y anteriores, excepto 4.438.440.v3f5f201de5dc, trata los nombres de usuario como si no distinguieran entre may\u00fasculas y min\u00fasculas, lo que permite a los atacantes en instancias de Jenkins configuradas con un proveedor de OpenID Connect que distinga entre may\u00fasculas y min\u00fasculas iniciar sesi\u00f3n como cualquier usuario al proporcionar un nombre de usuario que difiere solo en may\u00fasculas y min\u00fasculas, lo que potencialmente les permite obtener acceso de administrador a Jenkins."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3461",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}