GHSA-35gf-xjgf-96c5

Published: 12 Jul 2023
Source: github
GitHub: reviewed
CVSS3: 4.3

Description

Jenkins OpenShift Login Plugin vulnerable to Open Redirect

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication.

OpenShift Login Plugin 1.1.0.230.v5d7030b_f5432 only redirects to relative (Jenkins) URLs.
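The fixed behaviour described above (accept only relative, same-host redirect targets after login) as an added illustration in Python; this is not the plugin's own code, and the function names and the protocol-relative / encoded edge cases it checks are this example's assumptions.

```python
from typing import Optional
from urllib.parse import unquote, urlsplit


def is_safe_post_login_redirect(target: str) -> bool:
    """Return True only if `target` is a relative path on this Jenkins host.

    Hypothetical helper modelled on the fix's rule: a post-login redirect
    is honoured only when it cannot leave the Jenkins origin.
    """
    if not target:
        return False
    # Reject control characters and whitespace; they can hide a scheme or
    # host from a naive prefix check.
    if any(ord(c) < 0x20 or c.isspace() for c in target):
        return False
    # Check both the raw and percent-decoded forms, since the container may
    # decode "%2F" before the browser sees the Location header.
    for candidate in (target, unquote(target)):
        # A relative path starts with exactly one "/"; "//host" and "/\host"
        # are interpreted by browsers as protocol-relative absolute URLs.
        if not candidate.startswith("/") or candidate.startswith(("//", "/\\")):
            return False
        parts = urlsplit(candidate)
        # Anything carrying a scheme or a host is an absolute URL.
        if parts.scheme or parts.netloc:
            return False
    return True


def choose_post_login_target(requested: Optional[str], default: str = "/") -> str:
    """Pick the redirect destination: the requested path if safe, else default."""
    if requested and is_safe_post_login_redirect(requested):
        return requested
    return default
```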

Packages

Name: org.openshift.jenkins:openshift-login (maven)
Affected versions: < 1.1.0.230.v5d7030b
Fixed version: 1.1.0.230.v5d7030b

EPSS

Percentile: 24%
Score: 0.00082
Low

4.3 Medium

CVSS3

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 4.3
redhat
more than 2 years ago

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CVSS3: 6.1
nvd
more than 2 years ago

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.