Description
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2997
Related Vulnerabilities
CVE-2022-36920 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap
CVE-2023-32070 Vulnerability in maven package org.xwiki.platform:xwiki-core-rendering-api
CVE-2021-20334 Vulnerability in npm package mongodb-js-metrics
CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_3