- Description
- In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.
- Source
- jenkinsci-cert@googlegroups.com
- NVD status
- Analyzed
- Products
- wso2_oauth
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-287
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2025
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/TBdJTFdQ03 🚨🚨Jenkins Plugin Flaws Expose Critical Risks CVE-2025-47889: Authentication Bypass in WSO2 Oauth Plugin (CVSS 9.8) CVE-2025-47884: Build Token Impersonation via OpenID Connect Provider Plugin (CVSS
@zoomeye_team
16 May 2025
692 Impressions
4 Retweets
7 Likes
4 Bookmarks
0 Replies
0 Quotes
Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass https://t.co/LIYjXTPU0Z
@Dinosn
16 May 2025
7244 Impressions
45 Retweets
145 Likes
41 Bookmarks
0 Replies
0 Quotes
Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass https://t.co/MsggZqiuq4
@the_yellow_fall
16 May 2025
2655 Impressions
21 Retweets
50 Likes
8 Bookmarks
0 Replies
3 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:wso2_oauth:*:*:*:*:*:jenkins:*:*",
"matchCriteriaId": "EB3DFEA2-97B4-43FE-86E2-A46E1CEC729B",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]