CVE-2023-33005 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-33005

CWE

https://cwe.mitre.org/data/definitions/613.html

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Wso2_oauth	Jenkins	*	1.0 (including)

Potential Mitigations

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2991
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2991