Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Related Vulnerabilities

CVE-2016-6812 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_3

CVE-2022-41233 Vulnerability in maven package org.jenkins-ci.plugins:rundeck

CVE-2021-36161 Vulnerability in maven package org.apache.dubbo:dubbo-common

CVE-2019-10289 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Tags

Vendor Advisory NVD-CWE-Other