Refine your search

1 vulnerability found for Jenkins Microsoft Entra ID (previously Azure AD) Plugin by Jenkins Project

CVE-2026-42525 (GCVE-0-2026-42525)
Vulnerability from cvelistv5
Published
2026-04-29 13:31
Modified
2026-04-29 14:09
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
References
Impacted products
Vendor Product Version
Jenkins Project Jenkins Microsoft Entra ID (previously Azure AD) Plugin Version: 0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-42525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T14:09:36.527106Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T14:09:41.735Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jenkins Microsoft Entra ID (previously Azure AD) Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThanOrEqual": "666.v6060de32f87d",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-29T13:31:33.582Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2026-04-29",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3760"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2026-42525",
    "datePublished": "2026-04-29T13:31:33.582Z",
    "dateReserved": "2026-04-28T09:24:35.049Z",
    "dateUpdated": "2026-04-29T14:09:41.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}