CVE-2016-3726: Jenkins affected by Open Redirect Vulnerability
(updated )
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to “scheme-relative” URLs.
References
- access.redhat.com/errata/RHSA-2016:1206
- github.com/advisories/GHSA-rx4r-gxpc-h85x
- github.com/jenkinsci/jenkins
- github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25
- nvd.nist.gov/vuln/detail/CVE-2016-3726
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
- www.cloudbees.com/jenkins-security-advisory-2016-05-11
Detect and mitigate CVE-2016-3726 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →