logo

Database

Cross-site request forgery In org.jenkins-ci.plugins:gitlab-oauth

Description

Jenkins Gitlab Authentication Plugin Open Redirect vulnerability GitLab Authentication Plugin records the HTTP Referer header when the authentication process starts and redirects users to that URL when the user has finished logging in.

This implements an open redirect, allowing malicious sites to implement a phishing attack, with users expecting they have just logged in to Jenkins.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-103722. NVD-2019-103723. OSV-2019-103724. GCVE-2019-10372

References

1. https://github.com/jenkinsci/gitlab-oauth-plugin/commit/10059a4d4e121e0c3b13f6e6f74843565bb0b49a2. https://jenkins.io/security/advisory/2019-08-07/#SECURITY-7963. http://www.openwall.com/lists/oss-security/2019/08/07/1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.