CVE-2026-42525
MEDIUM4.3EPSS 0.04%Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
發布日:2026/4/29修改日:2026/5/6
描述
Jenkins Microsoft Entra ID (previously Azure AD) Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication. Microsoft Entra ID (previously Azure AD) Plugin 667.v4c5827a_e74a_0 only redirects to relative (Jenkins) URLs.
受影響套件(1)
- Maven/org.jenkins-ci.plugins:azure-adfrom 0, < 667.v4c5827a
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |