Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Related Vulnerabilities
CVE-2023-49804 Vulnerability in npm package uptime-kuma
CVE-2020-36732 Vulnerability in maven package org.webjars.bowergithub.brix:crypto-js
CVE-2023-29507 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-49372 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-34210 Vulnerability in maven package org.jenkins-ci.plugins:threadfix