An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg

Open redirect vulnerability in Jenkins GitLab Authentication Plugin

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

This issue is caused by an incomplete fix of SECURITY-796.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 4 months ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-mvq8-hgxh-4v2g, CVE-2022-25196

Affected Packages

Versions: <= 1.13
No known fixed version