CVE-2023-24445

Open redirect vulnerability in Jenkins OpenID Plugin in maven/org.jenkins-ci.plugins/openid

Identifiers

GHSA-mj62-m63x-mh84, CVE-2023-24445

Package Slug

maven/org.jenkins-ci.plugins/openid

Vulnerability

Open redirect vulnerability in Jenkins OpenID Plugin

Description

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

Affected Versions

All versions up to 2.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27

source