Skip to main content

Wso2 Oauth

5 CVEs product

Monthly

CVE-2025-47889 Maven CRITICAL Act Now

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wso2 Oauth
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-33006 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Wso2 Oauth
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-33005 Maven MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30528 Maven MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30527 Maven MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD
CVSS 3.1
4.3
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wso2 Oauth
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Wso2 Oauth
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy