CVE-2022-25196

Posted on 2022년 2월 16일2022년 2월 16일 by admin

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

Source: CVE-2022-25196

답글 남기기 응답 취소