Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Related Vulnerabilities

CVE-2022-32532 Vulnerability in maven package org.apache.shiro:shiro-core

CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap-sass

CVE-2023-22899 Vulnerability in maven package net.lingala.zip4j:zip4j

CVE-2011-5063 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2022-33683 Vulnerability in maven package org.apache.pulsar:pulsar-broker

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Tags

Vendor Advisory NVD-CWE-Other