High severity7.4NVD Advisory· Published May 17, 2016· Updated Jun 17, 2026
CVE-2016-3726
CVE-2016-3726
Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 1.652, < 2.3 | 2.3 |
org.jenkins-ci.main:jenkins-coreMaven | < 1.651.2 | 1.651.2 |
Affected products
5cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*range: <=2.2
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*range: <=1.651.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-rx4r-gxpc-h85xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-3726ghsaADVISORY
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11nvdVendor AdvisoryWEB
- www.cloudbees.com/jenkins-security-advisory-2016-05-11nvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1773.htmlnvdWEB
- access.redhat.com/errata/RHSA-2016:1206nvdWEB
- github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25ghsaWEB
News mentions
0No linked articles in our index yet.