Jenkins affected by Open Redirect Vulnerability

GHSA-rx4r-gxpc-h85x · CVE-2016-3726

Published May 14, 2022 · Modified Mar 13, 2025

Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-3726
WEB https://github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25
WEB https://access.redhat.com/errata/RHSA-2016:1206
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
WEB https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
WEB http://rhn.redhat.com/errata/RHSA-2016-1773.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes