Vulnerability Description
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Gitlab Authentication | <= 1.13 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/02/15/2Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833Issue TrackingPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2022/02/15/2Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2022-25196?
CVE-2022-25196 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenk...
How severe is CVE-2022-25196?
CVE-2022-25196 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25196?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Gitlab Authentication.