jenkins openid
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-50770
<= 2.6
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout fea
6.7
MEDIUM
CVE-2023-24446
<= 2.4
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into lo
8.8
HIGH
CVE-2023-24445
<= 2.4
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
6.1
MEDIUM
CVE-2023-24444
<= 2.4
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
9.8
CRITICAL
CVE-2008-3280
all versions
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predic
5.9
MEDIUM
CVE-2019-11027
<= 2.8.0
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to int
9.8
CRITICAL
CVE-2019-1003099
<= 2.3
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method
6.5
MEDIUM
CVE-2019-1003098
all versions
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form v
6.5
MEDIUM
CVE-2019-9837
>= 1.4.0 and < 1.5.4
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via
6.1
MEDIUM
CVE-2011-4314
<= 0.9.5.593
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, St
CVE-2010-3686
all versions
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol
CVE-2010-3685
all versions
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol
CVE-2010-3091
all versions
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol
CVE-2008-6836
all versions
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to hija
CVE-2008-6835
all versions
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbi
CVE-2008-0570
all versions
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which all
CVE-2007-5173
all versions
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers t
CVE-2007-1652
all versions
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this
CVE-2007-1651
all versions
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an Ope
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin