GitHub Advisory Database, GHSA-35GF-XJGF-96C5
Jul 12, 2023 - 6:30 p.m.

Jenkins OpenShift Login Plugin vulnerable to Open Redirect

2023-07-12 18:30:38
CWE-601
GitHub Advisory Database
github.com
jenkins
openshift
login plugin
vulnerability
redirect
authentication
phishing
software

EPSS: 0.0005 (Low), percentile 16.0%

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication.

OpenShift Login Plugin 1.1.0.230.v5d7030b_f5432 only redirects to relative (Jenkins) URLs.
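
A relative-only check of the kind the fixed version is described as enforcing, as an added example that is not the plugin's own code. The class and method names, the `/` fallback and the sample values are assumptions made for illustration; it needs Java 9 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

public class RelativeRedirectCheck {

    // Hypothetical helper (not the plugin's code): returns target only when it is a
    // relative URL rooted in this application, otherwise returns fallback.
    static String safeRedirect(String target, String fallback) {
        if (target == null || target.isEmpty()) {
            return fallback;
        }
        // Browsers read '\' as '/' and strip tabs and newlines, so refuse them outright.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c <= 0x20 || c == 0x7f) {
                return fallback;
            }
        }
        // "/x" stays on this host; "//host/x" is scheme-relative and leaves it.
        if (!target.startsWith("/") || target.startsWith("//")) {
            return fallback;
        }
        try {
            URI uri = new URI(target);
            // Belt and braces: the parsed form must carry no scheme and no authority.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return fallback;
            }
            return target;
        } catch (URISyntaxException e) {
            return fallback; // unparseable input is never redirected to
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; phish.example is a placeholder host.
        List<String> samples = List.of(
            "/job/build/42/console",
            "/manage?tab=plugins",
            "https://phish.example/login",
            "//phish.example/login",
            "/\\phish.example/login",
            "job/build/42"); // not rooted at "/", so conservatively refused
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirect(s, "/"));
        }
    }
}
```

Only the first two samples are returned unchanged; every other value falls back to `/`.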
