GHSA-pg59-2w33-8vmc

Source

https://github.com/advisories/GHSA-pg59-2w33-8vmc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pg59-2w33-8vmc/GHSA-pg59-2w33-8vmc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pg59-2w33-8vmc

Aliases

CVE-2019-10372

Published

2022-05-24T16:52:45Z

Modified

2024-02-16T08:19:54.695260Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Jenkins Gitlab Authentication Plugin Open Redirect vulnerability

Details

GitLab Authentication Plugin records the HTTP Referer header when the authentication process starts and redirects users to that URL when the user has finished logging in.

This implements an open redirect, allowing malicious sites to implement a phishing attack, with users expecting they have just logged in to Jenkins.

Database specific

{
    "nvd_published_at": "2019-08-07T15:15:00Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-03T22:49:24Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:gitlab-oauth

Package

Name: org.jenkins-ci.plugins:gitlab-oauth; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/gitlab-oauth

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5

Affected versions

1.*

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.2

1.3

1.4

Database specific

{
    "last_known_affected_version_range": "<= 1.4"
}