CVE-2025-47889
CVE-2025-47889
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Jenkins Project · Jenkins WSO2 Oauth Plugin¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →