CVE-2026-42525 | THREATINT

Description

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

PUBLISHED Reserved 2026-04-28 | Published 2026-04-29 | Updated 2026-04-29 | Assigner jenkins

Product status

Default status

unaffected

Any version

affected

References

www.jenkins.io/security/advisory/2026-04-29/ (Jenkins Security Advisory 2026-04-29) vendor-advisory

cve.org (CVE-2026-42525)

nvd.nist.gov (CVE-2026-42525)

Download JSON