Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-12-13T17:30:18.172Z

Updated: 2024-08-02T22:23:43.598Z

Reserved: 2023-12-13T13:06:36.477Z

Link: CVE-2023-50771

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-13T18:15:44.090

Modified: 2024-11-21T08:37:16.970

Link: CVE-2023-50771

cve-icon Redhat

No data.