Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Related Vulnerabilities
CVE-2019-17563 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2021-1627 Vulnerability in maven package org.mule.runtime:mule
CVE-2023-50772 Vulnerability in maven package com.zintow:dingding-json-pusher
CVE-2021-35516 Vulnerability in maven package org.apache.commons:commons-compress