Description

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

INFO

Published Date :

2025-05-14T20:35:58.095Z

Last Modified :

2025-05-19T15:25:14.896Z

Source :

jenkins
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47889 vulnerability.

Vendors Products
Jenkins
  • Wso2 Oauth
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47889.

URL Resource
https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact