VYPR

Maven package

org.openshift.jenkins/openshift-login

pkg:maven/org.openshift.jenkins/openshift-login

Vulnerabilities (2)

  • CVE-2023-37947Jul 12, 2023
    affected < 1.1.0.230.v5d7030bfixed 1.1.0.230.v5d7030b

    Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

  • CVE-2023-37946Jul 12, 2023
    affected < 1.1.0.230.v5d7030bfixed 1.1.0.230.v5d7030b

    Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.