{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T20:41:59.919","vulnerabilities":[{"cve":{"id":"CVE-2024-47806","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2024-10-02T16:15:10.807","lastModified":"2025-05-06T21:14:25.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins."},{"lang":"es","value":"El complemento de autenticación Jenkins OpenId Connect 4.354.v321ce67a_1de8 y versiones anteriores no verifica la declaración `aud` (Audiencia) de un token de identificación, lo que permite a los atacantes subvertir el flujo de autenticación y potencialmente obtener acceso de administrador a Jenkins."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:openid_connect_authentication:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"4.355.v3a_fb_fca_b_96d4","matchCriteriaId":"DC90B73C-2FD6-45F9-8B70-E7FFDE6F1344"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3441%20(1)","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}}]}