2 matches found
CVE-2026-53440
A flaw was found in Jenkins. This vulnerability allows a remote attacker to perform phishing attacks. The 'Delegate to servlet container' security realm does not properly validate the 'from' parameter, which can be manipulated to redirect users to an attacker-controlled domain after they log in...
EUVD-2026-36024
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...