pkg:maven/org.jenkins-ci.plugins/wso2id-oauth
Type
maven
Namespace
org.jenkins-ci.plugins
Name
wso2id-oauth
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/wso2id-oauth package.
High
2
Moderate
1
Medium
1
Low
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 1.0 |
CVE-2023-33006
|
JENKINS:SECURITY-2990 | CSRF vulnerability in `wso2id-oauth` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Affected | <= 1.0 |
CVE-2023-33005
|
JENKINS:SECURITY-2991 | Session fixation vulnerability in `wso2id-oauth` | high |
2023-05-16T00:00:00
(16 months ago) |
|
Affected | <= 1.0 |
CVE-2023-30527
CVE-2023-30528 |
JENKINS:SECURITY-2992 | Client secret stored and displayed in plain text by `wso2id-oauth` | low |
2023-04-12T00:00:00
(17 months ago) |
|
Affected | <= 1.0 |
CVE-2023-33006
|
MAVEN:GHSA-7XGJ-J9HP-C692 | Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability | moderate |
2023-05-16T18:30:16
(16 months ago) |
|
Affected | <= 1.0 |
CVE-2023-30527
|
MAVEN:GHSA-G472-F8CM-8X5F | Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller | low |
2023-04-12T18:30:36
(17 months ago) |
|
Affected | <= 1.0 |
CVE-2023-30528
|
MAVEN:GHSA-Q9HM-HR89-HGM7 | Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form | low |
2023-04-12T18:30:36
(17 months ago) |
|
Affected | <= 1.0 |
CVE-2023-33005
|
MAVEN:GHSA-XXQ2-74HW-VG6M | Jenkins WSO2 Oauth Plugin Session Fixation vulnerability | high |
2023-05-16T18:30:16
(16 months ago) |