GHSA-mvq8-hgxh-4v2g

Опубликовано: 16 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Open redirect vulnerability in Jenkins GitLab Authentication Plugin

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

This issue is caused by an incomplete fix of SECURITY-796.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:gitlab-oauth

maven

Затронутые версииВерсия исправления

<= 1.13

Отсутствует

EPSS

Процентиль: 18%

0.00059

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-25196

Дефекты

CWE-601

Связанные уязвимости

CVE-2022-25196

CVSS3: 5.4

nvd

почти 4 года назад

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

EPSS

Процентиль: 18%

0.00059

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-25196

Дефекты

CWE-601