High severity · NVD Advisory · Published May 14, 2025 · Updated May 19, 2025
CVE-2025-47889
Description
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:wso2id-oauth (Maven) | <= 1.0 | — |
Affected products
- Range: 1.0
References
- github.com/advisories/GHSA-p89h-p4ph-4vj6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-47889 (ghsa, ADVISORY)
- www.jenkins.io/security/advisory/2025-05-14/ (ghsa, vendor-advisory, WEB)
News mentions
- Jenkins Security Advisory 2025-05-14 (Jenkins Security Advisories, May 14, 2025)