

correct CVE-2023-50771
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Nov 15, 2024
1 parent 7bffe5a commit 4ba39a9
Showing 1 changed file with 47 additions and 0 deletions.
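--- a/data/anchore/2023/CVE-2023-50771.json
+++ b/data/anchore/2023/CVE-2023-50771.json
@@ -0,0 +1,47 @@
+{
+"additionalMetadata": {
+"cna": "jenkins",
+"cveId": "CVE-2023-50771",
+"description": "Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.",
+"reason": "Fix incorrect CPE that was pointing to jenkins openid plugin rather than oic-auth. Also adds the fixed in version",
+"references": [
+"http://www.openwall.com/lists/oss-security/2023/12/13/4",
+"https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-2979"
+]
+},
+"adp": {
+"affected": [
+{
+"cpes": [
+"cpe:2.3:a:jenkins:openid_connect_authentication:*:*:*:*:*:jenkins:*:*",
+"cpe:2.3:a:org.jenkins-ci.plugins:oic-auth:*:*:*:*:*:jenkins:*:*"
+],
+"product": "Jenkins OpenId Connect Authentication Plugin",
+"vendor": "Jenkins Project",
+"versions": [
+{
+"lessThan": "3.0",
+"status": "affected",
+"version": "0",
+"versionType": "maven"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/jenkinsci/oic-auth-plugin/pull/261"
+},
+{
+"url": "https://github.com/jenkinsci/oic-auth-plugin/commit/a97a4041f39c85aa746c047ac14ee69199dadf05"
+},
+{
+"url": "https://github.com/jenkins-infra/update-center2/pull/767"
+}
+]
+}
+}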
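Review bot: The `versions` entry marks everything below `"lessThan": "3.0"` as affected, while the `description` carried over from the CNA says "2.6 and earlier", and the record does not say which of the three `adp.references` establishes 3.0 as the first fixed release. Scanners will match on the range rather than the prose, so the bound is the security-relevant value here and deserves a traceable source. Because JSON has no comments, I would put that in the `reason` string, for example `"reason": "Fix incorrect CPE that was pointing to jenkins openid plugin rather than oic-auth. Also adds the fixed-in version (3.0, per <reference that shows the release>)"`. If any release exists between 2.6 and 3.0, it is worth confirming that it is in fact vulnerable before it is swept into the range.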
