CVE-2024-47806

Vulnerability Description

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.

Vulnerability Details

Published Date

October 02, 2024

Last Modified

May 06, 2025

Source

NVD

CVE-2024-47806

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment