Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Related Vulnerabilities

CVE-2018-8032 Vulnerability in maven package org.apache.axis:axis

CVE-2022-43432 Vulnerability in maven package org.jenkins-ci.plugins:xframium

CVE-2012-0818 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxb-provider

CVE-2012-4534 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2019-10353 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Tags

Vendor Advisory NVD-CWE-Other