PT-2016-5683 · Cloudbees+1 · Jenkins

Adam Cazzolla

+1

·

Publicado

2016-05-17

·

Atualizado

2022-05-14

·

CVE-2016-3726

CVSS v3.1

7.4

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.3 Jenkins LTS versions prior to 1.651.2
Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to scheme-relative URLs.
Recommendations For Jenkins versions prior to 2.3, update to version 2.3 or later. For Jenkins LTS versions prior to 1.651.2, update to version 1.651.2 or later.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2016-3726
GHSA-RX4R-GXPC-H85X
RHSA-2016:1206
RHSA-2016:1773

Produtos afetados

Jenkins