GHSA-463r-5m89-4xfrMediumCVSS 4.3
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL...
🔗 CVE IDs covered (1)
📋 Description
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between //, allowing attackers to perform phishing attacks.