Lucene search
JenkinsCVELIST:CVE-2022-25196HistoryFeb 15, 2022 - 4:11 p.m.
CVE-2022-25196
2022-02-1516:11:26
jenkins
www.cve.org
1
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
CNA Affected
[
{
"product": "Jenkins GitLab Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.13",
"versionType": "custom"
}
]
}
]Related
osv
osv
Open redirect vulnerability in Jenkins GitLab Authentication Plugin
2022-02-16 00:01:22
CVE-2022-25196
2022-02-15 17:15:10
nvd
nvd
CVE-2022-25196
2022-02-15 17:15:10
cve
cve
CVE-2022-25196
2022-02-15 17:15:10
github
github
Open redirect vulnerability in Jenkins GitLab Authentication Plugin
2022-02-16 00:01:22
prion
prion
Authentication flaw
2022-02-15 17:15:00
cnvd
cnvd
Jenkins GitLab Authentication Plugin User Redirection Vulnerability
2022-03-03 00:00:00
