CVE-2023-24444

Description

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

Affected packages (1)

• Maven/org.jenkins-ci.plugins:openidfrom 0, <= 2.4

References (2)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-24444
• WEBhttps://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2996