Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin
Moderate severity
GitHub Reviewed
Published
Dec 13, 2023
to the GitHub Advisory Database
•
Updated Nov 15, 2024
Description
Published by the National Vulnerability Database
Dec 13, 2023
Published to the GitHub Advisory Database
Dec 13, 2023
Reviewed
Dec 13, 2023
Last updated
Nov 15, 2024
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
References