Description
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796
Related Vulnerabilities
CVE-2020-7743 Vulnerability in maven package org.webjars.npm:mathjs
CVE-2020-7774 Vulnerability in npm package y18n
CVE-2019-1003070 Vulnerability in maven package org.jenkins-ci.plugins:veracode-scanner
CVE-2021-29459 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-ldap-client-all