CVE-2016-3726 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Remediation

References

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://access.redhat.com/errata/RHSA-2016:1206

http://rhn.redhat.com/errata/RHSA-2016-1773.html

Related Vulnerabilities

CVE-2020-2184 Vulnerability in maven package org.jenkins-ci.plugins:cvs

CVE-2023-34455 Vulnerability in maven package org.xerial.snappy:snappy-java

CVE-2019-16543 Vulnerability in maven package com.inflectra.spiratest.plugins:inflectra-spira-integration

CVE-2012-2378 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

CVE-2020-12480 Vulnerability in maven package com.typesafe.play:play_2.11

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N