CVSS3: 5.4 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS: 0.0005 Low (Percentile: 18.3%)

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the existing session on login.
This allows attackers to use social engineering techniques to gain administrator access to Jenkins.
As of publication of this advisory, there is no fix.

CPE

Name | Operator | Version |
---|---|---|
org.jenkins-ci.plugins:wso2id-oauth | le | 1.0 |