Jenkins OpenTelemetry Plugin
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24444 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 26, 2023 | Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. |
| CVE-2023-24446 | | High | 0.57 | 8.8 | 0.01 | | Jan 26, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. |
| CVE-2019-1003094 | | Medium | 0.42 | 6.5 | 0.01 | | Apr 4, 2019 | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2023-24445 | | Medium | 0.40 | 6.1 | 0.01 | | Jan 26, 2023 | Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. |
| CVE-2019-1003099 | | Medium | 0.35 | 6.5 | 0.02 | | Apr 4, 2019 | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003098 | | Medium | 0.35 | 6.5 | 0.01 | | Apr 4, 2019 | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2025-58460 | | | 0.00 | — | 0.00 | | Sep 3, 2025 | A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials… |