Jenkins OpenID Connect Auth Plugin <2.6 Phish Redirect URL Flaw
CVE-2023-50771 Published on December 13, 2023

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

Vendor Advisory NVD

Products Associated with CVE-2023-50771

stack.watch emails you whenever new vulnerabilities are published in Jenkins Openid or Jenkins Openid Connect Authentication. Just hit a watch button to start following.

Jenkins Openid

Jenkins Openid Connect Authentication

Affected Versions

Jenkins Project Jenkins OpenId Connect Authentication Plugin:

Before and including 2.6 is affected.

Exploit Probability

EPSS

0.06%

Percentile

18.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins OpenID Connect Auth Plugin <2.6 Phish Redirect URL FlawCVE-2023-50771 Published on December 13, 2023

Products Associated with CVE-2023-50771

Affected Versions

Exploit Probability

Jenkins OpenID Connect Auth Plugin <2.6 Phish Redirect URL Flaw
CVE-2023-50771 Published on December 13, 2023