CVE-2021-21673

URL Redirection to Untrusted Site (Open Redirect) in maven/org.jenkins-ci.plugins/cas-plugin

Identifier

CVE-2021-21673

Package Slug

maven/org.jenkins-ci.plugins/cas-plugin

Vulnerability

URL Redirection to Untrusted Site (Open Redirect)

Description

Jenkins CAS Plugin incorrectly accepts some post-login redirect URLs as legitimately pointing to Jenkins, allowing attackers to redirect users to an untrusted site and perform phishing attacks.

Affected Versions

All versions up to 1.6.0

Solution

Upgrade to version 1.6.1 or above.

Last Modified

2021-07-08
