Open Redirect in org.jenkins-ci.plugins:gitlab-oauth

Do your applications use this vulnerable package? Test your applications

Overview

org.jenkins-ci.plugins:gitlab-oauth is a a plugin for offloading authentication and authorization to GitLab.

Affected versions of this package are vulnerable to Open Redirect. The vulnerability in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.

Remediation

There is no fixed version for org.jenkins-ci.plugins:gitlab-oauth.

References

Jenkins Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

Low
Integrity

Low
Availability

None

Credit: Wadeck Follonier
CVE: CVE-2019-10372
CWE: CWE-601
Snyk ID: SNYK-JAVA-ORGJENKINSCIPLUGINS-458749
Disclosed: 07 Aug, 2019
Published: 08 Aug, 2019