Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg
Open redirect vulnerability in Jenkins GitLab Authentication Plugin
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
This issue is caused by an incomplete fix of SECURITY-796.
Permalink: https://github.com/advisories/GHSA-mvq8-hgxh-4v2gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 6 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-mvq8-hgxh-4v2g, CVE-2022-25196
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25196
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833
- http://www.openwall.com/lists/oss-security/2022/02/15/2
- https://www.jenkins.io/security/advisory/2019-08-07/#SECURITY-796
- https://github.com/advisories/GHSA-mvq8-hgxh-4v2g
Affected Packages
maven:org.jenkins-ci.plugins:gitlab-oauth
Affected Version Ranges: <= 1.13No known fixed version