PT-2026-35919 · Jenkins · Entra Id Plugin+1

Dyingman1

·

Published

2026-04-29

·

Updated

2026-05-05

·

CVE-2026-42525

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Jenkins Microsoft Entra ID (previously Azure AD) Plugin versions prior to 666.v6060de32f87d
Description The plugin does not restrict the redirect URL after login, which allows attackers to perform phishing attacks.
Recommendations Update the plugin to a version later than 666.v6060de32f87d.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2026-42525
GHSA-JP6G-G3V3-6GVF

Affected Products

Jenkins
Entra Id Plugin