Vulnerability CVE-2016-3726

Vulnerability CVE-2016-3726

Published: 2016-05-17

Description:

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

See advisories in our WLB2 database:

	Topic	Author	Date
Low	DoorGets CMS 7.0 Open Redirect	Rudra Sarkar	04.07.2017

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
Redhat -> Openshift
Jenkins -> Jenkins
Cloudbees -> Jenkins

References:

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Copyright 2024, cxsecurity.com