Description
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2996
Related Vulnerabilities
CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2014-3681 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai
CVE-2023-34034 Vulnerability in maven package org.springframework.security:spring-security-config
CVE-2018-12545 Vulnerability in maven package org.eclipse.jetty.http2:http2-common