2 matches found
CVE-2026-53440
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...
PT-2026-48425
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description The "Delegate to servlet container" security realm fails to validate that the from parameter is a safe destination for redirection after login. This allows...