Description
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2997
Related Vulnerabilities
CVE-2022-22963 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-core
CVE-2015-5204 Vulnerability in npm package cordova-plugin-file-transfer
CVE-2021-21351 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-36896 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader
CVE-2023-32989 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents