CVE-2016-3726
First published: Thu May 12 2016(Updated: )
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/Jenkins | <2.3 | 2.3 |
| redhat/Jenkins | <1.651.2 | 1.651.2 |
| Jenkins Jenkins | <=1.651.1 | |
| Redhat Openshift | =3.1 | |
| Redhat Openshift | =3.2 | |
| Jenkins Jenkins | <=2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-1773.html
- https://access.redhat.com/errata/RHSA-2016:1206
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
- https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335427
- https://rhn.redhat.com/errata/RHSA-2016-1773.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1335421
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3726
- agent/software-canonical-lookup
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/jenkins
- canonical/jenkins jenkins
- version/jenkins jenkins/1.651.1
- vendor/redhat
- canonical/redhat openshift
- version/redhat openshift/3.1
- version/redhat openshift/3.2
- version/jenkins jenkins/2.2