Jenkins affected by Open Redirect Vulnerability
High severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Mar 13, 2025
Package
Affected versions
>= 1.652, < 2.3
< 1.651.2
Patched versions
2.3
1.651.2
Description
Published by the National Vulnerability Database
May 17, 2016
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Mar 13, 2025
Last updated
Mar 13, 2025
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
References