CVE-2019-1003019 – org.jenkins-ci.plugins:github-oauth
Package
Manager: maven
Name: org.jenkins-ci.plugins:github-oauth
Vulnerable Version: >=0 <0.31
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00032 (percentile: 0.07676)
Details
GitHub Authentication Plugin session fixation vulnerability
A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier, in GithubSecurityRealm.java, that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Metadata
Created: 2022-05-13T01:31:34Z
Modified: 2024-01-09T22:38:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mcqx-wc2j-qx9v/GHSA-mcqx-wc2j-qx9v.json
CWE IDs: ["CWE-384"]
Alternative ID: GHSA-mcqx-wc2j-qx9v
Finding: F280
Auto approve: 1