Phishing Vulnerability in Jenkins OpenShift Login Plugin
CVE-2023-37947

6.1MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Openshift Login Plugin
Vendor
CVE Published:
12 July 2023

What is CVE-2023-37947?

The Jenkins OpenShift Login Plugin prior to version 1.1.0.227.v27e08dfb_1a_20 has a vulnerability that permits attackers to manipulate redirect URLs post-login. Due to improper validation of redirect URLs, the plugin may erroneously consider them legitimate, which potentially allows attackers to conduct phishing attacks. This concern emphasizes the need for users to be cautious of login redirections and to ensure they are correctly verified to avoid unauthorized access or data compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins OpenShift Login Plugin 0 <= 1.1.0.227.v27e08dfb_1a_20

References

https://www.jenkins.io/security/advisory/2023-07-12/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2023/07/12/2

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.