Description
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.
Remediation
References
Related Vulnerabilities
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1805)
Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)
WordPress Plugin Better Click To Tweet Unspecified Vulnerability (5.1)
WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)