Improper Redirect Vulnerability in Jenkins OpenID Plugin by Jenkins
CVE-2023-24445
6.1 MEDIUM
Summary
Jenkins OpenID Plugin versions up to and including 2.4 do not properly validate the redirect URL they send the user to after login. An attacker can use this to redirect users to unintended locations, which can lead to phishing or to unauthorized actions within the Jenkins environment. Users of affected versions should update to mitigate the risk.
Affected Version(s)
Jenkins OpenID Plugin <= 2.4
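The flaw described above is an open redirect on the post-login return target. As an added illustration (not the plugin's own code, and not its actual fix), the following Java method shows one way a login handler can constrain such a target: only a path local to the Jenkins instance is accepted, and anything carrying a scheme, an authority, a scheme-relative `//` prefix or a backslash falls back to the site root. The class name `SafeRedirect`, the `FALLBACK` constant and the sample inputs are assumptions chosen for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Illustrative post-login redirect validation (assumed example, not the
 * Jenkins OpenID Plugin's code). Only a path local to this instance is
 * accepted; any other target is replaced by FALLBACK so a user-supplied
 * value cannot send the browser off-site after login.
 */
public final class SafeRedirect {
    private static final String FALLBACK = "/";

    /** Returns the target if it is a same-site absolute path, otherwise FALLBACK. */
    public static String sanitize(String target) {
        if (target == null || target.isEmpty()) {
            return FALLBACK;
        }
        // Browsers treat "\" like "/", so "/\evil.example" would become
        // scheme-relative; java.net.URI also rejects it, but be explicit.
        if (target.indexOf('\\') >= 0) {
            return FALLBACK;
        }
        final URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return FALLBACK;  // unparsable input is never trusted
        }
        // A scheme ("https:", "javascript:") or an authority ("//evil.example")
        // means the target is not a local path.
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return FALLBACK;
        }
        String path = uri.getRawPath();
        // Require an absolute local path; a plain relative path ("job/x")
        // resolves differently depending on the current location.
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return FALLBACK;
        }
        // Re-assemble from the parsed parts (fragment intentionally dropped).
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        // Constructed sample targets: one legitimate, the rest off-site or malformed.
        String[] samples = {"/job/build/?delay=0", "//evil.example/", "https://evil.example/",
                            "/\\evil.example", "javascript:alert(1)", "job/x"};
        for (String s : samples) {
            System.out.println(s + " -> " + sanitize(s));
        }
    }
}
```

Only the first sample survives unchanged; the others all collapse to `/`.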
CVSS v3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved