MEDIUM 4.3

GHSA-r8fj-rff6-f7h5

Jenkins Bitbucket OAuth Plugin does not restrict the redirect URL after login

Details

Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login.

This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication.

Bitbucket OAuth Plugin 0.18 only redirects to relative (Jenkins) URLs.
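
The kind of check the fix describes, accepting only site-relative post-login targets, can be sketched as follows. This is an added example, not the plugin's own code; the class name `RedirectCheck`, the method `safeRedirect` and the sample values are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectCheck {
    /** Returns target if it is a site-relative path, otherwise the fallback. */
    static String safeRedirect(String target, String fallback) {
        if (target == null || target.isEmpty()) return fallback;
        // Must be a path on this site: "/job/x", not "job/x" or "https://..."
        if (target.charAt(0) != '/') return fallback;
        // "//host" is scheme-relative, and browsers treat "\" like "/"
        if (target.startsWith("//") || target.indexOf('\\') >= 0) return fallback;
        // Reject control characters (CR, LF, tab, DEL) anywhere in the value
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7f) return fallback;
        }
        try {
            // Final structural check: no scheme and no authority component
            URI uri = new URI(target);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return fallback;
        } catch (URISyntaxException e) {
            return fallback; // unparseable input is never redirected to
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only the first should be accepted
        String[] samples = {
            "/job/demo/configure?tab=1",
            "https://other-site.example/login",
            "//other-site.example/",
            "/\\other-site.example/",
            "job/demo",
            "/job/demo\r\nX-Injected: 1"
        };
        for (String s : samples) {
            String shown = s.replace("\r", "\\r").replace("\n", "\\n");
            System.out.printf("%-36s -> %s%n", shown, safeRedirect(s, "/"));
        }
    }
}
```

Anything that fails the check falls back to the site root instead of being passed to the redirect.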

Affected packages

Maven / org.jenkins-ci.plugins:bitbucket-oauth
First affected version: 0
Fixed version: 0.18
Fix: in pom.xml, bump <version>0.18</version> for org.jenkins-ci.plugins:bitbucket-oauth

References