An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg

Open redirect vulnerability in Jenkins GitLab Authentication Plugin

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

This issue is caused by an incomplete fix of SECURITY-796.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 7 months ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-mvq8-hgxh-4v2g, CVE-2022-25196
References: Blast Radius: 1.0

Affected Packages

Affected Version Ranges: <= 1.13
No known fixed version