CVE-2021-21673

Summary

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins CAS Pluginunspecified <= 1.6.0affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References