CVE-2016-3726 — Open Redirect in Jenkins

CWE-601 — Open Redirect8 documents7 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 76.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedMay 17

Latest updateMay 14

Description

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

▶NVDjenkins/jenkins1.651.1+1

▶NVDredhat/openshift3.1, 3.2+1

🔴Vulnerability Details

GHSA

Jenkins affected by Open Redirect Vulnerability↗2022-05-14

▶

OSV

Jenkins affected by Open Redirect Vulnerability↗2022-05-14

▶

CVEList

CVE-2016-3726: Multiple open redirect vulnerabilities in Jenkins before 2↗2016-05-17

▶

📋Vendor Advisories

Red Hat

jenkins: Open redirect to scheme-relative URLs (SECURITY-276)↗2016-05-11

▶

Jenkins

Jenkins Security Advisory 2016-05-11↗2016-05-11

▶

💬Community

Bugzilla

CVE-2016-3721 CVE-2016-3722 CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 CVE-2016-3726 CVE-2016-3727 jenkins: various flaws [fedora-all]↗2016-05-12

▶

Bugzilla

CVE-2016-3726 jenkins: Open redirect to scheme-relative URLs (SECURITY-276)↗2016-05-12

▶