CVE-2019-10372

2019-08-0715:15:12

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.

CPENameOperatorVersion
gitlab-oauth-plugineq1.1
gitlab-oauth-plugineq1.0.5
gitlab-oauth-plugineq1.0.4
gitlab-oauth-plugineq1.0.6
gitlab-oauth-plugineqgithub-oauth-0.13
gitlab-oauth-plugineqgithub-oauth-0.18
gitlab-oauth-plugineq1.0.7
gitlab-oauth-plugineq1.2
gitlab-oauth-plugineqgithub-oauth-0.21
gitlab-oauth-plugineqgitlab-oauth-1.0.0

Name	Operator	Version
gitlab-oauth-plugin	eq	1.1
gitlab-oauth-plugin	eq	1.0.5
gitlab-oauth-plugin	eq	1.0.4
gitlab-oauth-plugin	eq	1.0.6
gitlab-oauth-plugin	eq	github-oauth-0.13
gitlab-oauth-plugin	eq	github-oauth-0.18
gitlab-oauth-plugin	eq	1.0.7
gitlab-oauth-plugin	eq	1.2
gitlab-oauth-plugin	eq	github-oauth-0.21
gitlab-oauth-plugin	eq	gitlab-oauth-1.0.0