CVE-2022-25196 (GCVE-0-2022-25196)

Vulnerability from cvelistv5 – Published: 2022-02-15 16:11 – Updated: 2024-08-03 04:36
VLAI?
Summary
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Jenkins project Jenkins GitLab Authentication Plugin Affected: unspecified , ≤ 1.13 (custom)
Unknown: next of 1.13 , < unspecified (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:05.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833"
          },
          {
            "name": "[oss-security] 20220215 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/15/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins GitLab Authentication Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "1.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 1.13",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T14:19:57.021Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833"
        },
        {
          "name": "[oss-security] 20220215 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/15/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2022-25196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins GitLab Authentication Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.13"
                          },
                          {
                            "version_affected": "?\u003e",
                            "version_value": "1.13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833"
            },
            {
              "name": "[oss-security] 20220215 Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/02/15/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2022-25196",
    "datePublished": "2022-02-15T16:11:26",
    "dateReserved": "2022-02-15T00:00:00",
    "dateUpdated": "2024-08-03T04:36:05.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:gitlab_authentication:*:*:*:*:*:jenkins:*:*\", \"versionEndIncluding\": \"1.13\", \"matchCriteriaId\": \"14DEE4FC-5B60-4DC7-8BBB-76311E5E5498\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.\"}, {\"lang\": \"es\", \"value\": \"Jenkins GitLab Authentication Plugin versiones 1.13 y anteriores, registra el encabezado HTTP Referer como parte de los par\\u00e1metros de consulta de la URL cuando es iniciado el proceso de autenticaci\\u00f3n, lo que permite a atacantes con acceso a Jenkins dise\\u00f1ar una URL que redirija a usuarios a una URL especificada por el atacante despu\\u00e9s de iniciar la sesi\\u00f3n\"}]",
      "id": "CVE-2022-25196",
      "lastModified": "2024-11-21T06:51:47.397",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:N\", \"baseScore\": 4.9, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-02-15T17:15:10.537",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/02/15/2\", \"source\": \"jenkinsci-cert@googlegroups.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833\", \"source\": \"jenkinsci-cert@googlegroups.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/02/15/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-25196\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2022-02-15T17:15:10.537\",\"lastModified\":\"2024-11-21T06:51:47.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.\"},{\"lang\":\"es\",\"value\":\"Jenkins GitLab Authentication Plugin versiones 1.13 y anteriores, registra el encabezado HTTP Referer como parte de los par\u00e1metros de consulta de la URL cuando es iniciado el proceso de autenticaci\u00f3n, lo que permite a atacantes con acceso a Jenkins dise\u00f1ar una URL que redirija a usuarios a una URL especificada por el atacante despu\u00e9s de iniciar la sesi\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"baseScore\":4.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:gitlab_authentication:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"1.13\",\"matchCriteriaId\":\"14DEE4FC-5B60-4DC7-8BBB-76311E5E5498\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/02/15/2\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/02/15/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.