Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
Remediation
References
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://access.redhat.com/errata/RHSA-2016:1206
http://rhn.redhat.com/errata/RHSA-2016-1773.html