Maven package
org.jenkins-ci.plugins/cas-plugin
pkg:maven/org.jenkins-ci.plugins/cas-plugin
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32997 | — | | | < 1.6.3 | 1.6.3 | May 16, 2023 | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. |
| CVE-2021-21673 | — | | | < 1.6.1 | 1.6.1 | Jun 30, 2021 | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2018-1000188 | — | | | < 1.4.2 | 1.4.2 | Jun 5, 2018 | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |