Open Redirect
Affecting org.jenkins-ci.plugins:gitlab-oauth artifact, versions [0,]
Overview
org.jenkins-ci.plugins:gitlab-oauth is a plugin for offloading authentication and authorization to GitLab.
Affected versions of this package are vulnerable to Open Redirect.
The vulnerability in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.
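The defensive counterpart to this finding is to validate the post-login redirect target before issuing the redirect. The following is an added example written for this page, not code from the gitlab-oauth plugin or from Jenkins: a small validator that accepts only absolute-path references or URLs whose scheme, host and port match the configured Jenkins root, and falls back to the root page for everything else. The Jenkins root URL and the sample targets are constructed values.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (not code from the gitlab-oauth plugin): validate a post-login
 * redirect target so that it can only point back into this Jenkins instance.
 */
public final class SafeRedirect {

    private static final String DEFAULT_TARGET = "/";

    private SafeRedirect() {}

    /** Effective port, substituting the scheme default when none is given. */
    private static int effectivePort(URI uri) {
        if (uri.getPort() != -1) {
            return uri.getPort();
        }
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase();
        if ("https".equals(scheme)) {
            return 443;
        }
        if ("http".equals(scheme)) {
            return 80;
        }
        return -1;
    }

    /**
     * Returns candidate if it is a safe same-site target, otherwise the Jenkins
     * root. Rejects absolute URLs to other hosts, scheme-relative URLs
     * ("//other.example"), backslashes, and anything that does not parse as a URI.
     */
    public static String sanitizeRedirect(String candidate, String jenkinsRootUrl) {
        if (candidate == null || candidate.isEmpty()) {
            return DEFAULT_TARGET;
        }
        // Some browsers treat a backslash as a path separator; reject it before parsing.
        if (candidate.contains("\\")) {
            return DEFAULT_TARGET;
        }
        URI target;
        URI root;
        try {
            target = new URI(candidate);
            root = new URI(jenkinsRootUrl);
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        if (target.getScheme() == null) {
            // No scheme: only a plain absolute-path reference ("/job/...") is allowed.
            // A scheme-relative URL has an authority component and is refused.
            if (target.getRawAuthority() != null || !candidate.startsWith("/")) {
                return DEFAULT_TARGET;
            }
            return candidate;
        }
        // Absolute URL: scheme, host and effective port must all match the Jenkins root.
        boolean sameScheme = target.getScheme().equalsIgnoreCase(root.getScheme());
        boolean sameHost = target.getHost() != null
                && root.getHost() != null
                && target.getHost().equalsIgnoreCase(root.getHost());
        boolean samePort = effectivePort(target) == effectivePort(root);
        return (sameScheme && sameHost && samePort) ? candidate : DEFAULT_TARGET;
    }

    public static void main(String[] args) {
        String root = "https://jenkins.example.internal"; // constructed sample root URL
        String[] samples = {                               // constructed sample targets
            "/job/build/42/",
            "https://jenkins.example.internal/manage",
            "https://jenkins.example.internal:443/manage",
            "https://other.example/",
            "//other.example/",
            "https://jenkins.example.internal.other.example/",
            "/\\other.example",
            "javascript:alert(1)",
        };
        for (String s : samples) {
            System.out.printf("%-52s -> %s%n", s, sanitizeRedirect(s, root));
        }
    }
}
```

The first three samples are accepted unchanged; the remaining five fall back to `/`. Matching against the configured root URL rather than the incoming request's Host header matters because the latter is attacker-influenced; comparing scheme, host and port as parsed components (rather than with a string prefix check) is what defeats the `jenkins.example.internal.other.example` and `//other.example` cases.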
Remediation
There is no fixed version for org.jenkins-ci.plugins:gitlab-oauth.
References
CVSS Score
5.4 (medium severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None
- Credit: Wadeck Follonier
- CVE: CVE-2019-10372
- CWE: CWE-601
- Snyk ID: SNYK-JAVA-ORGJENKINSCIPLUGINS-458749
- Disclosed: 07 Aug, 2019
- Published: 08 Aug, 2019