Description
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2997
Related Vulnerabilities
CVE-2014-0095 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-23848 Vulnerability in maven package org.alluxio:alluxio-logserver
CVE-2023-25806 Vulnerability in maven package org.opensearch.plugin:opensearch-security
CVE-2015-0250 Vulnerability in maven package batik:batik-transcoder
CVE-2016-3081 Vulnerability in maven package org.apache.struts.xwork:xwork-core