VYPR
High severity · NVD Advisory · Published May 14, 2025 · Updated May 19, 2025

CVE-2025-47889

Description

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.jenkins-ci.plugins:wso2id-oauth (Maven) | <= 1.0 | |
