PT-2022-17136 · Jenkins · Jenkins Gitlab Authentication Plugin+1

James Nord · Published 2022-02-15 · Updated 2023-11-03 · CVE-2022-25196

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Authentication Plugin versions 1.13 and earlier

Description: The issue allows attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. This is caused by the plugin recording the HTTP Referer header as part of the URL query parameters when the authentication process starts.

Recommendations: For Jenkins GitLab Authentication Plugin versions 1.13 and earlier, update to a version later than 1.13 to resolve the issue. As a temporary workaround, consider restricting access to the authentication process to minimize the risk of exploitation.
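The defensive pattern that closes this class of bug is to treat any post-login destination (whether it arrived via a query parameter or was copied from the Referer header) as untrusted input and to re-emit only a same-origin path. The following is an added example written for this page, not code from the Jenkins GitLab Authentication Plugin or the Jenkins project; the function name, the constructed root URL "https://ci.example.com/" and the sample candidates are all assumptions made here for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def safe_post_login_target(candidate, jenkins_root_url):
    """Return a same-origin path to redirect to after login, or the landing page.

    candidate        -- the untrusted destination (e.g. a 'from' query value or a
                        Referer header value; hypothetical input, not the plugin's API)
    jenkins_root_url -- the configured, trusted root URL of this Jenkins instance

    The returned value is rebuilt from the parsed path and query only, so scheme,
    host, userinfo and fragment supplied by the candidate never reach the Location
    header.
    """
    root = urlsplit(jenkins_root_url)
    context = root.path.rstrip("/")          # "" or e.g. "/jenkins"
    landing = context + "/"                  # safe fallback inside this instance

    if not candidate:
        return landing

    # Backslashes and control characters are normalised unpredictably by browsers
    # ("/\\evil.example" may be treated as "//evil.example"); refuse them outright.
    if "\\" in candidate or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return landing

    parts = urlsplit(candidate)

    # An absolute or protocol-relative URL is only acceptable if scheme and host
    # match the trusted root exactly (urlsplit lowercases the scheme for us).
    if parts.scheme or parts.netloc:
        if (parts.scheme, parts.netloc.lower()) != (root.scheme, root.netloc.lower()):
            return landing

    path = parts.path or "/"
    # A path must be a single leading slash: "//host/x" is protocol-relative.
    if not path.startswith("/") or path.startswith("//"):
        return landing
    # Stay inside the Jenkins context path when the instance is not at "/".
    if context and not (path == context or path.startswith(context + "/")):
        return landing

    # Re-emit path and query only; fragment and any authority are dropped.
    return urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    root = "https://ci.example.com/"  # constructed value for the demonstration
    for sample in ["/job/build/", "https://evil.example/", "//evil.example/",
                   "https://ci.example.com/job/build/?delay=0sec"]:
        print(repr(sample), "->", safe_post_login_target(sample, root))
```

Two details matter in practice: the function returns a reconstructed path rather than the original string, so oddities such as "///evil.example/" collapse to the harmless same-origin "/evil.example/" instead of being passed through, and the comparison is against the instance's configured root URL rather than against the Host or Referer header of the current request, both of which are attacker-influenced.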

Weakness Enumeration: Open Redirect

Related Identifiers:
CVE-2022-25196
GHSA-MVQ8-HGXH-4V2G

Affected Products:
Jenkins
Jenkins Gitlab Authentication Plugin