CVE-2024-47806
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-47806 affects the Jenkins OpenId Connect Authentication Plugin versions 4.354.v321ce67a_1de8 and earlier, which do not validate the aud (Audience) claim of an ID Token. Because the audience check is missing, an attacker can potentially bypass authentication and gain unauthorized administrator access within Jenkins. Organizations running an affected plugin version face a high risk because of the potential for significant confidentiality, integrity, and availability impacts. To remediate this issue, users should upgrade to a patched version of the plugin as indicated in Jenkins' security advisory. The exploitability score for this vulnerability is 2.2, and its base severity is classified as high (CVSS score of 8.1).
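To make the missing check concrete, the following added example (not code from the plugin or from the advisory) contrasts an ID Token claim check that skips the aud claim with one that validates iss, exp, aud and azp as OpenID Connect Core section 3.1.3.7 requires. The issuer URL, client IDs and token claims are constructed sample values, and the example assumes the token signature has already been verified.

```python
import time

# Constructed sample claims (not from the advisory): the same identity provider
# has minted ID Tokens for Jenkins and for an unrelated client of the same IdP.
JENKINS_CLIENT_ID = "jenkins-ci"          # assumed value
ISSUER = "https://idp.example.com"        # assumed value

TOKEN_FOR_JENKINS = {"iss": ISSUER, "sub": "alice", "aud": "jenkins-ci",
                     "exp": 4102444800, "iat": 1700000000}
TOKEN_FOR_OTHER_APP = {"iss": ISSUER, "sub": "alice", "aud": "wiki-app",
                       "exp": 4102444800, "iat": 1700000000}
TOKEN_MULTI_AUD = {"iss": ISSUER, "sub": "alice", "aud": ["jenkins-ci", "wiki-app"],
                   "azp": "jenkins-ci", "exp": 4102444800, "iat": 1700000000}


def validate_claims_without_aud(claims, issuer, now=None):
    """Weak check: accepts any unexpired token the trusted issuer signed,
    so a token issued for a different client is treated as a Jenkins login."""
    now = now if now is not None else int(time.time())
    return claims.get("iss") == issuer and claims.get("exp", 0) > now


def validate_claims(claims, issuer, client_id, now=None):
    """Hardened check (signature assumed already verified): iss, exp and aud
    must all match; with several audiences, azp must name this client."""
    now = now if now is not None else int(time.time())
    if claims.get("iss") != issuer:
        return False
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False
    aud = claims.get("aud")
    # aud may be a single string or a list of audiences (RFC 7519 section 4.1.3)
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        return False
    if len(audiences) > 1 and claims.get("azp") != client_id:
        return False
    return True


if __name__ == "__main__":
    t = 1700000100
    print("weak check accepts foreign-audience token:",
          validate_claims_without_aud(TOKEN_FOR_OTHER_APP, ISSUER, t))
    print("hardened check rejects it:",
          not validate_claims(TOKEN_FOR_OTHER_APP, ISSUER, JENKINS_CLIENT_ID, t))
```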