
CVE-2023-37947

Published: 12/07/2023 Updated: 20/07/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions improperly determine that a redirect URL after login legitimately points to Jenkins, allowing malicious users to perform phishing attacks.

Vulnerable Product

jenkins openshift login

Vendor Advisories

Synopsis: Important: jenkins and jenkins-2-plugins security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis: Important: Jenkins and Jenkins-2-plugins security update. Type/Severity: Security Advisory: Important. Topic: An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Description: A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.