Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wZzU5LTJ3MzMtOHZtY84AAhnl
Jenkins Gitlab Authentication Plugin Open Redirect vulnerability
GitLab Authentication Plugin records the HTTP Referer
header when the authentication process starts and redirects users to that URL when the user has finished logging in.
This implements an open redirect, allowing malicious sites to implement a phishing attack, with users expecting they have just logged in to Jenkins.
Permalink: https://github.com/advisories/GHSA-pg59-2w33-8vmcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZzU5LTJ3MzMtOHZtY84AAhnl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-pg59-2w33-8vmc, CVE-2019-10372
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10372
- https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796
- http://www.openwall.com/lists/oss-security/2019/08/07/1
- https://github.com/jenkinsci/gitlab-oauth-plugin/commit/10059a4d4e121e0c3b13f6e6f74843565bb0b49a
- https://github.com/advisories/GHSA-pg59-2w33-8vmc
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:gitlab-oauth
Affected Version Ranges: <= 1.4Fixed in: 1.5