CVE-2025-47889: Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.27115%
Published: 5/14/2025
Updated: 5/16/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: org.jenkins-ci.plugins:wso2id-oauth
Ecosystem: maven
Vulnerable Versions: <= 1.0
First Patched Version: none (no patch available)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability description clearly indicates that the 'WSO2 Oauth' security realm fails to validate authentication claims. This points to the WSO2SecurityRealm class as the location of the vulnerability. The doAuthenticate method (or a similarly named method responsible for authentication) within this class is the most probable vulnerable function. Since no patch is available, this analysis is based on the description and common Jenkins plugin development patterns. The confidence is medium because the exact function name and its parameters cannot be confirmed without source code or a patch.

Vulnerable functions

Only Miggo users can see this section.

WAF Protection Rules

WAF Rule

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any p
