Description
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000
Related Vulnerabilities
CVE-2022-34169 Vulnerability in maven package xalan:xalan
CVE-2022-42920 Vulnerability in maven package org.apache.bcel:bcel
CVE-2017-3523 Vulnerability in maven package mysql:mysql-connector-java
CVE-2017-1000503 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-1000397 Vulnerability in maven package org.jenkins-ci.main:maven-plugin