CVE-2021-21673

CVSS v3.1 6.1 (Medium)

CVSS v2.0 5.8 (Medium)

EPSS 0.08 % (37^th)

Affected Products 1

Advisories 2

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2021-06-30 17:15:09
(3 years ago)
Updated Date: 2023-10-25 18:16:51
(10 months ago)

Affected Products

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins Cas for Jenkins 1.6.0 and prior versions	cpe:2.3:a:jenkins:cas::::::jenkins		<= 1.6.0