Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. A scheme-relative URL has the form //host/path: it carries no explicit scheme, so a browser resolves it against the scheme of the current page and navigates to the attacker's host. A redirect-target check that only rejects values with an explicit scheme (http://, https://) therefore still accepts such values and sends the user off-site.
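As an added example (not code from the advisory and not Jenkins' own implementation), the following Python contrasts a redirect-target check that only rejects URLs carrying an explicit scheme with one that also rejects scheme-relative targets and the backslash and triple-slash variants browsers normalise to them. The function names, the base URL and the list of sample targets are constructed for illustration.

```python
"""Open redirect via scheme-relative URLs: a naive check beside a hardened one.

Added example; not Jenkins code. Helper names and sample data are hypothetical.
"""
from urllib.parse import urljoin, urlsplit

# Constructed sample of values an attacker might supply in a "return to"
# style parameter that is echoed into a Location header after login.
SAMPLE_TARGETS = [
    "/job/build/",                 # legitimate, path-absolute on this host
    "job/build/",                  # legitimate, path-relative on this host
    "https://evil.example/phish",  # explicit scheme: even the naive check catches it
    "//evil.example/phish",        # scheme-relative: resolves to https://evil.example/phish
    "/\\evil.example/phish",       # backslash variant; browsers treat '\' like '/'
    "///evil.example/phish",       # extra slash; browsers still read a new authority
    "javascript:alert(1)",         # non-http scheme; must be rejected as well
]


def naive_is_safe(target: str) -> bool:
    """The flawed pattern: reject only targets that carry an explicit scheme.

    urlsplit('//evil.example/x').scheme is '' so the scheme-relative form
    passes this check although the browser will leave the site.
    """
    return urlsplit(target).scheme == ""


def hardened_is_safe(target: str) -> bool:
    """Accept only targets that stay on the current host.

    Rules: no scheme, no authority (netloc), and the raw value must not begin
    with '//' once backslashes are normalised, because browsers interpret that
    prefix as the start of a new authority regardless of what urlsplit says.
    """
    if not target:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    normalised = target.replace("\\", "/")
    if normalised.startswith("//"):
        return False
    return True


def resolve_as_browser(base: str, target: str) -> str:
    """Show where a browser actually ends up after Location: <target>.

    urljoin applies RFC 3986 reference resolution, which is what the browser
    does: a scheme-relative target keeps the base scheme but swaps the host.
    """
    return urljoin(base, target)


def compare(targets):
    """Map each target to (naive verdict, hardened verdict)."""
    return {t: (naive_is_safe(t), hardened_is_safe(t)) for t in targets}


if __name__ == "__main__":
    base = "https://jenkins.example/login"  # hypothetical Jenkins instance
    for target, (naive, hardened) in compare(SAMPLE_TARGETS).items():
        print(f"{target!r:32} naive={naive!s:5} hardened={hardened!s:5} "
              f"-> {resolve_as_browser(base, target)}")
```

Targets that the naive check accepts but the hardened check rejects are exactly the scheme-relative family; a real fix also has to apply the check at every redirect site, which is why the advisory describes multiple vulnerabilities rather than one.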
Remediation
Upgrade to Jenkins 2.3 or later (weekly release line) or to Jenkins LTS 1.651.2 or later, the versions the description identifies as fixed.
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Related Vulnerabilities
CVE-2014-8122 Vulnerability in maven package org.jboss.weld:weld-core-impl
CVE-2016-4433 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-41037 Vulnerability in maven package org.webjars.bowergithub.openpgpjs:openpgpjs
CVE-2023-2422 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib