Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
Remediation
Upgrade to Jenkins 2.3 or later, or to Jenkins LTS 1.651.2 or later.
References
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://access.redhat.com/errata/RHSA-2016:1206
http://rhn.redhat.com/errata/RHSA-2016-1773.html