VYPR
Moderate severity · NVD Advisory · Published Jan 24, 2023 · Updated Apr 2, 2025

CVE-2023-24445

Description

Jenkins OpenID Plugin 2.4 and earlier improperly validates redirect URLs after login, enabling open redirect attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability description

Jenkins OpenID Plugin 2.4 and earlier has a flaw in how it determines whether a redirect URL after login is legitimate. Specifically, the plugin does not properly verify that the redirect target is within the Jenkins instance, allowing an attacker to supply an arbitrary URL that the user will be redirected to after authentication [1][2].

Exploitation

An attacker can craft a login URL that includes a malicious redirect parameter. When a victim clicks this URL and completes the OpenID login process, they are redirected to an external site controlled by the attacker. No prior authentication is required to exploit this vulnerability, as the attack can be performed by enticing a Jenkins user to follow a specially crafted link [1].

Impact

Successful exploitation allows an attacker to redirect users to a malicious site, which can be used for phishing attacks or to steal credentials. This undermines the trust of the login process and can lead to further compromise of user accounts [1][2].

Mitigation

Jenkins has released a fix for this vulnerability in OpenID Plugin version 2.5. Users should upgrade to this version or later. If an upgrade is not possible, administrators should review their OpenID configuration and consider additional security measures to validate redirect URLs [1].
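The mitigation above asks administrators to validate redirect URLs. The following is an added illustration of what such a check looks like for a post-login "return to" value; it is example code written for this page, not the Jenkins OpenID Plugin's own implementation or its 2.5 fix. The class name `RedirectTargetValidator`, the root URL `https://jenkins.example/` and the sample candidates in `main` are all constructed for the example. The rule it enforces is the one the description implies: accept only an absolute path on this instance or an absolute URL whose scheme, host and effective port match the configured root URL, and fall back to the root URL for anything else.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Illustrative post-login redirect validation (added example; not the
 * Jenkins OpenID Plugin's code). A candidate "return to" value is accepted
 * only if it is a same-site path or an absolute URL on the configured
 * Jenkins root URL; anything else falls back to the root URL.
 */
public final class RedirectTargetValidator {

    private final URI rootUrl;

    /** @param rootUrl the instance's configured root URL (assumed value in the example). */
    public RedirectTargetValidator(String rootUrl) {
        this.rootUrl = URI.create(rootUrl);
    }

    /** Returns the URL to redirect to: the candidate if it is safe, otherwise the root URL. */
    public String resolve(String candidate) {
        return isSafeTarget(candidate) ? candidate : rootUrl.toString();
    }

    public boolean isSafeTarget(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return false;
        }
        // Browsers treat a backslash like a slash, so "/\host" would leave the site; reject it outright.
        if (candidate.indexOf('\\') >= 0) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return false;                 // unparseable input is never a valid target
        }
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            // Relative reference: accept only an absolute path on this host ("/job/x").
            // A protocol-relative "//host/x" carries an authority and is rejected below.
            return candidate.startsWith("/");
        }
        if (uri.getScheme() == null || uri.getHost() == null || uri.getRawUserInfo() != null) {
            return false;                 // protocol-relative, opaque (javascript:, data:) or "user@host" forms
        }
        return uri.getScheme().equalsIgnoreCase(rootUrl.getScheme())
            && uri.getHost().equalsIgnoreCase(rootUrl.getHost())
            && effectivePort(uri) == effectivePort(rootUrl);
    }

    /** Port actually used by the browser: explicit port, else the scheme default. */
    private static int effectivePort(URI uri) {
        if (uri.getPort() != -1) {
            return uri.getPort();
        }
        return "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the hostnames are placeholders, not real sites.
        RedirectTargetValidator v = new RedirectTargetValidator("https://jenkins.example/");
        String[] candidates = {
            "/job/build/1/",                          // accepted: same-site path
            "https://jenkins.example/job/x/",         // accepted: same origin
            "https://jenkins.example:8443/",          // rejected: port differs
            "//other.example/",                       // rejected: protocol-relative
            "https://other.example/",                 // rejected: different host
            "https://jenkins.example@other.example/", // rejected: userinfo hides the real host
            "javascript:void(0)",                     // rejected: not an http(s) URL
            "",                                       // rejected: empty
        };
        for (String c : candidates) {
            System.out.printf("%-42s -> %s%n", '"' + c + '"', v.resolve(c));
        }
    }
}
```

The design choice worth noting is that the check is an allow-list against the instance's own root URL rather than a deny-list of known-bad prefixes: comparing scheme, host and effective port against a configured value is what makes "host.example@other.example", a different port, or a protocol-relative reference fall out naturally, and unparseable input is treated as unsafe rather than being passed through.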

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:openid (Maven)
Affected versions: <= 2.4
Patched versions: not listed

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 1