cvedb.io
CVE-2025-47889
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-05-14T21:15:59.843 · Last modified 2026-06-17T09:28:48.310

Summary

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, the "WSO2 Oauth" security realm accepts authentication claims without validation, allowing unauthenticated attackers to log in to controllers that use this security realm with any username and any password, including usernames that do not exist.

Affected products

jenkins — wso2_oauth

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.