CVE-2025-24399 Information

Description

Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive. This allows attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins.

Reference

https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3461
