CVE-2025-47889 (GCVE-0-2025-47889)

Vulnerability from cvelistv5 – Published: 2025-05-14 20:35 – Updated: 2025-05-19 15:25
VLAI?
Summary
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Jenkins Project Jenkins WSO2 Oauth Plugin Affected: 1.0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T20:13:06.225322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-19T15:25:14.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Jenkins WSO2 Oauth Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the \"WSO2 Oauth\" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-14T20:35:58.095Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2025-05-14",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2025-47889",
    "datePublished": "2025-05-14T20:35:58.095Z",
    "dateReserved": "2025-05-13T12:21:13.541Z",
    "dateUpdated": "2025-05-19T15:25:14.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-47889\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2025-05-14T21:15:59.843\",\"lastModified\":\"2025-06-12T13:23:31.790\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the \\\"WSO2 Oauth\\\" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.\"},{\"lang\":\"es\",\"value\":\"Jenkins WSO2 Oauth Plugin 1.0 y versiones anteriores, las solicitudes de autenticaci\u00f3n se aceptan sin validaci\u00f3n por el \u00e1mbito de seguridad \\\"WSO2 Oauth\\\", lo que permite que atacantes no autenticados inicien sesi\u00f3n en los controladores que utilizan este \u00e1mbito de seguridad con cualquier nombre de usuario y cualquier contrase\u00f1a, incluidos nombres de usuario que no existen.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:wso2_oauth:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"EB3DFEA2-97B4-43FE-86E2-A46E1CEC729B\"}]}]}],\"references\":[{\"url\":\"https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47889\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T20:13:06.225322Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T20:12:57.143Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Jenkins Project\", \"product\": \"Jenkins WSO2 Oauth Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481\", \"name\": \"Jenkins Security Advisory 2025-05-14\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the \\\"WSO2 Oauth\\\" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.\"}], \"providerMetadata\": {\"orgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"shortName\": \"jenkins\", \"dateUpdated\": \"2025-05-14T20:35:58.095Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-47889\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-19T15:25:14.896Z\", \"dateReserved\": \"2025-05-13T12:21:13.541Z\", \"assignerOrgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"datePublished\": \"2025-05-14T20:35:58.095Z\", \"assignerShortName\": \"jenkins\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.