
CVE-2016-3726 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.652 <2.3 || >=0 <1.651.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

EPSS: 0.00076 (percentile: 0.23546)

Details

Jenkins affected by Open Redirect Vulnerability

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Metadata

Created: 2022-05-14T03:57:44Z
Modified: 2025-03-13T18:00:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rx4r-gxpc-h85x/GHSA-rx4r-gxpc-h85x.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-rx4r-gxpc-h85x
Finding: F156
Auto approve: 1