Jenkins Keycloak Authentication Plugin CSRF Vulnerability: Account Hijacking via Login Impersonation

Jenkins Keycloak Authentication Plugin CSRF Vulnerability: Account Hijacking via Login Impersonation

CVE-2023-24457 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.

Learn more about our User Device Pen Test.