A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

Affected Packages

Maven org.jenkins-ci.plugins:openid

Affected versions: 0 (last affected: 2.4)

Related CVEs

CVE-2023-24446

Key Information

GHSA ID

GHSA-96jv-c7m6-q43g

Published

January 26, 2023 9:30 PM

Last Modified

February 3, 2023 8:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:openid

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.