Description
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000