Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

Published

2025-05-14T21:15:59.843

Last Modified

2025-06-12T13:23:31.790

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	wso2_oauth	≤ 1.0	Yes

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481 Vendor Advisory ([email protected])