CVE-2025-24399

HIGH Year: 2025
CVSS v3 Score
8.8
High
Weakness Type
CWE-276
View all →

Vulnerability Description

Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins.

Related Vulnerabilities

CVE-2006-5014

HIGH
CVSS:8.8(High)

Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

CWE-2762006

CVE-2012-4434

HIGH
CVSS:8.8(High)

fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.

CWE-2762012

CVE-2014-2721

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2014-2722

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2014-2723

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2015-9474

HIGH
CVSS:8.8(High)

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

CWE-2762015