Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software.

https://www.jenkins.io/security/advisory/2023-07-12/

SECURITY-2998 / CVE-2023-37946

OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins.
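
The flaw class described above (the existing session is not invalidated on login), modelled as an added example that is not the plugin's code. `SessionStore`, its method names and `pre_login_id_survives` are hypothetical, and the in-memory store stands in for the server's session handling; the last function is a regression check a login flow should fail.

```python
import secrets


class SessionStore:
    """Minimal in-memory model of server-side sessions (constructed for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": str or None}

    def open(self, sid=None):
        """Return sid if it names a live session, else create an anonymous one."""
        if sid in self._sessions:
            return sid
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def whoami(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def login_without_rotation(self, sid, user):
        """Flawed pattern: the pre-login session is kept and simply promoted."""
        sid = self.open(sid)
        self._sessions[sid]["user"] = user
        return sid

    def login_with_rotation(self, sid, user):
        """Hardened pattern: drop the pre-login session, issue a fresh id."""
        self._sessions.pop(sid, None)   # invalidate whatever the client presented
        new_sid = self.open()           # id generated only after authentication
        self._sessions[new_sid]["user"] = user
        return new_sid


def pre_login_id_survives(login):
    """Regression check: True if an id that existed before login is authenticated after it."""
    store = SessionStore()
    pre_login_sid = store.open()        # id that existed before authentication
    post_login_sid = login(store, pre_login_sid, "admin")
    assert store.whoami(post_login_sid) == "admin"
    return store.whoami(pre_login_sid) == "admin"


if __name__ == "__main__":
    print("no rotation:", pre_login_id_survives(SessionStore.login_without_rotation))
    print("rotation:   ", pre_login_id_survives(SessionStore.login_with_rotation))
```
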
This issue has been addressed in the following products:
OpenShift Developer Tools and Services for OCP 4.13
Via RHSA-2024:0776 https://access.redhat.com/errata/RHSA-2024:0776

This issue has been addressed in the following products:
OpenShift Developer Tools and Services for OCP 4.14
Via RHSA-2024:0777 https://access.redhat.com/errata/RHSA-2024:0777

This issue has been addressed in the following products:
OpenShift Developer Tools and Services for OCP 4.11
Via RHSA-2024:0775 https://access.redhat.com/errata/RHSA-2024:0775