CVE-2021-21673

2021-06-3017:15:09

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CPENameOperatorVersion
cas-plugineqcas-plugin-1.6.0
cas-plugineqcas-plugin-1.4.3
cas-plugineqcas-plugin-1.1.1
cas-plugineqcas-plugin-1.4.0
cas-plugineqcas-plugin-1.1.2
cas-plugineqcas-plugin-1.4.2
cas-plugineqcas-plugin-1.3.0
cas-plugineqcas-plugin-1.0.0
cas-plugineqcas-plugin-1.1.0
cas-plugineqcas-plugin-1.2.0

Name	Operator	Version
cas-plugin	eq	cas-plugin-1.6.0
cas-plugin	eq	cas-plugin-1.4.3
cas-plugin	eq	cas-plugin-1.1.1
cas-plugin	eq	cas-plugin-1.4.0
cas-plugin	eq	cas-plugin-1.1.2
cas-plugin	eq	cas-plugin-1.4.2
cas-plugin	eq	cas-plugin-1.3.0
cas-plugin	eq	cas-plugin-1.0.0
cas-plugin	eq	cas-plugin-1.1.0
cas-plugin	eq	cas-plugin-1.2.0