
45 matches found

CVE
added 2019/08/07 2:20 p.m. · 72 views

CVE-2019-10372

The CVE-2019-10372 issue affects Jenkins with the Gitlab Authentication Plugin (version 1.4 and earlier). The root cause is in GitLabSecurityRealm.java, where the plugin redirects users to a URL outside Jenkins after successful login, enabling an open redirect. Public sources in the connected doc...

CVSS 6.1 · AI score 6.1 · EPSS 0.00054
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2019/08/07 2:20 p.m. · 14 views

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

AI score 7.5 · EPSS 0.00055
Exploits: 0 · References: 2
CVE
added 2019/08/07 2:20 p.m. · 58 views

CVE-2019-10371

CVE-2019-10371 describes a session fixation vulnerability in Jenkins Gitlab Authentication Plugin versions 1.4 and earlier, arising from GitLabSecurityRealm.java that allows an attacker who can control the pre-authentication session to impersonate another user. Affected software: Jenkins Gitlab A...

CVSS 7.5 · AI score 7.4 · EPSS 0.00055
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2019/08/07 12:0 a.m. · 5 views

PT-2019-11767 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gitlab Authentication Plugin version 1.4 and earlier
Description: A session fixation issue allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. This is due to a vulnerability in...

CVSS 7.5 · AI score 7.3 · EPSS 0.00055
Exploits: 0 · References: 6
Positive Technologies
added 2019/08/07 12:0 a.m. · 6 views

PT-2019-11768 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gitlab Authentication Plugin version 1.4 and earlier
Description: The issue allows attackers to redirect users to a URL outside Jenkins after a successful login, implementing an open redirect. This can be used by malicious sites to...

CVSS 6.1 · AI score 6 · EPSS 0.00054
Exploits: 0 · References: 6