3 matches found
CVE-2021-21673
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks...
CVE-2021-21673
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks...
CVE-2021-21673
CVE-2021-21673 affects the Jenkins CAS Plugin up to version 1.6.0. The root cause is improper determination of a redirect URL after login, allowing phishing by redirecting users to an attacker-controlled site. Public disclosures (GHSA-2VVR-5757-QP87, OSV, NVD) note that Jenkins CAS Plugin 1.6.1 f...