Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg

Open redirect vulnerability in Jenkins GitLab Authentication Plugin

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

This issue is caused by an incomplete fix of SECURITY-796.

Permalink: https://github.com/advisories/GHSA-mvq8-hgxh-4v2g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 7 months ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-mvq8-hgxh-4v2g, CVE-2022-25196
References: Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:gitlab-oauth
Affected Version Ranges: <= 1.13
No known fixed version