Description
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000
Related Vulnerabilities
CVE-2023-33943 Vulnerability in maven package com.liferay:com.liferay.account.admin.web
CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar
CVE-2022-41226 Vulnerability in maven package com.compuware.jenkins:compuware-common-configuration
CVE-2018-1999039 Vulnerability in maven package org.jenkins-ci.plugins:confluence-publisher
CVE-2023-37951 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration