MEDIUM 4.3
GHSA-r8fj-rff6-f7h5
Jenkins Bitbucket OAuth Plugin does not restrict the redirect URL after login
Details
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login.
This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication.
Bitbucket OAuth Plugin 0.18 only redirects to relative (Jenkins) URLs.
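A relative-only redirect check of the kind the 0.18 behaviour describes, as an added example and not the plugin's own code. The class name `RedirectCheck`, its methods, the fallback path and the sample targets are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectCheck {

    /** Returns target when it stays on the same site, otherwise the fallback path. */
    static String safeRedirect(String target, String fallback) {
        return isRelativeTarget(target) ? target : fallback;
    }

    static boolean isRelativeTarget(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        // Browsers treat "\" like "/" and drop control characters, so reject both.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        // "//host/path" is scheme-relative and leaves the site.
        if (target.startsWith("//")) {
            return false;
        }
        try {
            URI uri = new URI(target);
            // No scheme and no authority: the target resolves against the current host.
            return !uri.isAbsolute() && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // unparseable input is never followed
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the post-login redirect parameter.
        String[] samples = {
            "/job/build/", "job/build/lastBuild", "https://other.invalid/login",
            "//other.invalid/", "/\\other.invalid", "javascript:void(0)"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirect(s, "/"));
        }
    }
}
```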
Affected packages
Maven / org.jenkins-ci.plugins:bitbucket-oauth
First affected version: 0
Fixed version: 0.18
Fix
# pom.xml: bump <version>0.18</version> for org.jenkins-ci.plugins:bitbucket-oauth