GHSA-3rqh-hch3-jhpcMediumCVSS 4.3

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL...

Published
June 10, 2026
Last Modified
June 10, 2026

🔗 CVE IDs covered (1)

📋 Description

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (./ or ../), allowing attackers to perform phishing attacks.

🔗 References (3)