CVE-2024-47806

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published: Oct 2, 2024
Updated: Oct 4, 2024
CWE ID 287

Summary

CVE-2024-47806 is a vulnerability affecting the Jenkins OpenId Connect Authentication Plugin version 4.354.v321ce67a_1de8 and earlier. The plugin does not check the `aud` (Audience) claim in an ID Token, which allows attackers to bypass the authentication flow. Successful exploitation could lead to unauthorized administrator access to Jenkins systems. Organizations using the Jenkins OpenId Connect Authentication Plugin are urged to update to the latest version to mitigate this risk. Failure to do so may expose sensitive information and grant attackers unauthorized control.
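The missing check described above is the ID Token audience validation that OpenID Connect Core requires of every relying party. The following is an added example, not code from the Jenkins plugin, showing the claim checks a relying party must perform after signature verification; the issuer URL, client ID and token contents are constructed for the demonstration, and the token builder exists only to produce offline test fixtures.

```python
import base64
import json
import time

ISSUER = "https://idp.example/"      # constructed provider URL
CLIENT_ID = "jenkins-client"         # constructed client_id registered at the provider


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def validate_id_token_claims(token: str, issuer: str, client_id: str, now=None) -> dict:
    """Return the claims if the OIDC Core 3.1.3.7 checks pass, else raise ValueError.

    Assumes the JWT signature was already verified against the provider's keys;
    this covers only the claim checks, including the `aud` check that
    CVE-2024-47806 describes as missing.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    # `aud` may be a single string or a list; this client must be among them.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise ValueError("token was not issued for this client")
    # With several audiences, `azp` must name this client as the authorized party.
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise ValueError("azp does not name this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or has no exp")
    return claims


def make_test_token(claims: dict) -> str:
    """Build a constructed JWT fixture with an empty signature segment (test use only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}."
```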

Affected Products

  • Jenkins Openid Connect Authentication

Affected Vendors

  • Jenkins