Description
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000
Related Vulnerabilities
CVE-2019-13173 Vulnerability in maven package org.webjars.npm:fstream
CVE-2021-26118 Vulnerability in maven package org.apache.activemq:artemis-openwire-protocol
CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater
CVE-2023-32314 Vulnerability in npm package vm2
CVE-2021-41766 Vulnerability in maven package org.apache.karaf:apache-karaf