Cas

cas

Vendor: Jenkins • 3 CVEs

CVEs (3)

Vendors: Jenkins • Products: Cas • Updated: Jan 23, 2025 • Published: May 16, 2023 • CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.

Vendors: Jenkins • Products: Cas • Updated: Nov 21, 2024 • Published: Jun 30, 2021 • CVSS: N/A (v4), 6.1 MEDIUM (v3), 5.8 MEDIUM (v2)
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

Vendors: Jenkins • Products: Cas • Updated: Nov 21, 2024 • Published: Jun 5, 2018 • CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2)
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.