CVE-2024-47806

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 2, 2024
Updated: Oct 4, 2024
CWE ID 287 (Improper Authentication)

Summary

CVE-2024-47806 affects the Jenkins OpenId Connect Authentication Plugin, versions 4.354.v321ce67a_1de8 and earlier, which do not validate the aud (Audience) claim of an ID Token. The aud claim names the client (relying party) for which the identity provider issued the token; without this check, Jenkins accepts any correctly signed ID Token from the configured provider, including one issued for a different application registered with that same provider. An attacker who can obtain such a token can therefore subvert the authentication flow and potentially gain administrator access to Jenkins. Because an accepted token yields a full Jenkins session, the confidentiality, integrity and availability impacts are each rated high. Users should upgrade to the patched plugin version named in the Jenkins security advisory. The CVSS 3.1 base score is 8.1 (high) with an exploitability subscore of 2.2; under CVSS 3.1 that subscore reflects high attack complexity (the attacker still needs a valid token from the same provider), not a reduced impact.
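The following is an added illustration of the flaw class, not code from the plugin or from Jenkins. It is written in Python rather than the plugin's Java, and an HS256 shared secret stands in for the provider's real signing key; the issuer URL, client IDs, secret and clock value are all constructed for the example. `login_vulnerable` checks signature, issuer and expiry but never compares `aud`, so a token the provider issued to another client (`wiki-app`) logs the bearer in; `login_fixed` adds the OIDC Core 3.1.3.7 audience rules (the client's own `client_id` must appear in `aud`, and `azp`, when present, must equal it). The spec's further rule about rejecting untrusted additional audiences is left out for brevity.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for this example; none come from the plugin or a real provider.
IDP_SECRET = b"constructed-demo-hmac-secret"   # stands in for the provider's signing key
ISSUER = "https://idp.example.test"            # assumed issuer URL
JENKINS_CLIENT_ID = "jenkins-ci"               # assumed client_id Jenkins registered with the IdP
OTHER_CLIENT_ID = "wiki-app"                   # assumed second client of the same IdP
NOW = 1_700_000_000                            # fixed clock so the example is deterministic


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(aud, sub="alice", azp=None, now=NOW):
    """Provider side (constructed stand-in): issue an HS256 ID Token for the given audience."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": aud, "iat": now, "exp": now + 300}
    if azp is not None:
        claims["azp"] = azp
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(IDP_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_and_decode(token):
    """Structure, alg and signature checks shared by both validators below."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(IDP_SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims_b64))


def check_iss_and_exp(claims, now):
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")


def login_vulnerable(token, now=NOW):
    """Flaw class of CVE-2024-47806: signature, iss and exp are checked, aud is never compared."""
    claims = verify_and_decode(token)
    check_iss_and_exp(claims, now)
    return claims["sub"]


def login_fixed(token, client_id=JENKINS_CLIENT_ID, now=NOW):
    """Same checks plus the audience rules: aud must contain client_id; azp, if present, must equal it."""
    claims = verify_and_decode(token)
    check_iss_and_exp(claims, now)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("aud does not include this client")
    if "azp" in claims and claims["azp"] != client_id:
        raise ValueError("azp does not match this client")
    return claims["sub"]


def outcome(fn, token):
    try:
        return "accepted:" + fn(token)
    except ValueError as e:
        return "rejected:" + str(e)


def demo():
    """What each validator does with a token for Jenkins and one the same IdP issued to another client."""
    for_jenkins = mint_id_token(JENKINS_CLIENT_ID)
    for_other = mint_id_token(OTHER_CLIENT_ID)  # genuine token, wrong relying party
    multi = mint_id_token([OTHER_CLIENT_ID, JENKINS_CLIENT_ID], azp=OTHER_CLIENT_ID)
    return {
        "vuln_jenkins": outcome(login_vulnerable, for_jenkins),
        "vuln_other": outcome(login_vulnerable, for_other),
        "fixed_jenkins": outcome(login_fixed, for_jenkins),
        "fixed_other": outcome(login_fixed, for_other),
        "fixed_multi_wrong_azp": outcome(login_fixed, multi),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block shows the vulnerable validator accepting the `wiki-app` token as a Jenkins login while the fixed one rejects it; the multi-audience case shows why `azp` has to be checked as well once `aud` may be a list.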

