6 matches found
CVE-2026-53436
A flaw was found in Jenkins. The system improperly validates redirect URLs after login, specifically when they contain relative path segments such as ./ or ../. This vulnerability allows attackers to craft malicious URLs that appear legitimate, leading to successful phishing attacks against users...
BIT-JENKINS-2026-53436
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...
PT-2026-48421
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.568; Jenkins LTS versions prior to 2.555.3. Description: An open redirect issue exists where the software improperly validates redirect URLs after login. When a URL contains relative path segments such as ./ or ../, th...
CVE-2023-25264
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments...
Authentication flaw
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments...
CVE-2023-25264
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments...