Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Related Vulnerabilities

CVE-2023-24454 Vulnerability in maven package org.jenkins-ci.plugins:testquality-updater

CVE-2019-1003020 Vulnerability in maven package org.jenkins-ci.plugins:kanboard

CVE-2019-12400 Vulnerability in maven package org.apache.santuario:xmlsec

CVE-2021-21638 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2020-1913 Vulnerability in npm package hermes-engine

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Tags

Vendor Advisory NVD-CWE-Other