CVE-2022-25196
Severity: MEDIUM
Jenkins GitLab Authentication Plugin < 1.13 - Open Redirect via HTTP Referer Header
Title source: llmDescription
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
References (2)
Issue Tracking, Patch, Vendor Advisory (x_refsource_confirm)
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833
Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2022/02/15/2
Scores
CVSS v3
5.4
EPSS
0.0002
EPSS Percentile
6.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
jenkins/gitlab_authentication
< 1.13
org.jenkins-ci.plugins/gitlab-oauth
Maven
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026