Jenkins Microsoft Entra ID Open Redirect Vulnerability

Vulnerability

An open redirect vulnerability has been identified in the Jenkins Microsoft Entra ID (previously Azure AD) Plugin, affecting versions 666.v6060de32f87d and earlier. The plugin does not restrict the URL to which it sends the user after login, so an attacker can craft a link to the legitimate Jenkins instance that, once the user has authenticated successfully, forwards them to an attacker-chosen site. Because the link points at the real Jenkins host and the login itself works normally, such links are well suited to phishing.

Impact

Successful exploitation enables phishing: a user follows an attacker-supplied link to their own Jenkins instance, logs in as usual, and is then redirected to an attacker-controlled site (for example one imitating a Jenkins or Microsoft login page), where they may be tricked into entering credentials or other sensitive information. The redirect alone does not hand the attacker a Jenkins session; the damage depends on what the user does on the destination site.

Remediation

Users of the Microsoft Entra ID (previously Azure AD) Plugin should update to version 667.v4c5827a_e74a_0 or later, which fixes the open redirect by only redirecting to relative Jenkins URLs after login. Until the update is applied, treat login links received by email or chat with suspicion and check where the browser lands after authentication.
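The following is an added illustration of the flaw and of the fix described above, not code from the Jenkins plugin itself. It assumes the post-login destination arrives as a `from` query parameter on a login URL (an assumption for the example; the real endpoint and parameter name are not given on this page) and shows an unvalidated handler next to one that accepts only relative Jenkins paths, including the usual bypass attempts a practitioner should test for (absolute URLs, scheme-relative `//host`, backslash variants and control characters).

```python
import urllib.parse

# Hypothetical values for the example; not taken from the plugin.
JENKINS_BASE = "https://jenkins.example.test"
LOGIN_PATH = "/login"          # assumed login endpoint
REDIRECT_PARAM = "from"        # assumed name of the post-login target parameter
FALLBACK_TARGET = "/"          # where to send the user when the target is rejected


def vulnerable_post_login_target(requested: str) -> str:
    """Mirrors the flaw: whatever the login URL asked for is used verbatim."""
    return requested or FALLBACK_TARGET


def is_safe_relative_redirect(target: str) -> bool:
    """True only for a path-relative URL inside this Jenkins instance.

    Mirrors the remediation ("redirect only to relative Jenkins URLs") and
    closes the classic bypasses:
      - absolute URLs (https://attacker/...)
      - scheme-relative URLs (//attacker/...), which browsers resolve to
        the current scheme plus the attacker's host
      - backslash variants (/\\attacker), which browsers normalise to //
      - whitespace/control characters used to smuggle a scheme past a check
    """
    if not target:
        return False
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    if not target.startswith("/"):
        return False
    if target.startswith("//") or target.startswith("/\\"):
        return False
    parsed = urllib.parse.urlsplit(target)
    # A relative path never carries a scheme or an authority component.
    if parsed.scheme or parsed.netloc:
        return False
    return True


def hardened_post_login_target(requested: str) -> str:
    """Fixed behaviour: unsafe targets fall back to the Jenkins root."""
    return requested if is_safe_relative_redirect(requested) else FALLBACK_TARGET


def build_login_url(target: str) -> str:
    """The link an attacker would send (or a legitimate deep link)."""
    query = urllib.parse.urlencode({REDIRECT_PARAM: target})
    return f"{JENKINS_BASE}{LOGIN_PATH}?{query}"


def simulate_login(login_url: str, choose_target) -> str:
    """Returns the Location header the server would emit after a successful login."""
    query = urllib.parse.urlsplit(login_url).query
    requested = urllib.parse.parse_qs(query).get(REDIRECT_PARAM, [""])[0]
    target = choose_target(requested)
    # Relative targets are resolved against the Jenkins base URL, so the user
    # stays on the instance; an absolute target leaves it.
    return urllib.parse.urljoin(JENKINS_BASE + "/", target)


if __name__ == "__main__":
    phish = build_login_url("https://attacker.example/jenkins-login")
    print("vulnerable:", simulate_login(phish, vulnerable_post_login_target))
    print("hardened:  ", simulate_login(phish, hardened_post_login_target))
```

The validator deliberately does not try to be clever about percent-encoding: a `Location` of `/%2F%2Fattacker` is a path on the same host, so decoding before the check would only add false rejections for legitimate Jenkins paths that contain `%2F`.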

Added: Apr 29, 2026, 2:19 PM
Updated: Apr 29, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 6.2
remediation: 0.0
relevance: 7.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.