What is CVE-2016-3726?

CVE-2016-3726 is a high-severity vulnerability in Jenkins. CVSS score: 7.4/10. Published 2016-05-17.

How severe is CVE-2016-3726?

High severity. CVSS v3 base score is 7.4 out of 10.

Vulnerability in Jenkins

CVE-2016-3726

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

EPSS: 0.001 (23.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N.

Affected products

Jenkins
Redhat Openshift — versions 3.1, 3.2
N/a — versions n/a

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2016:1206 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:1773 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2016-3726?: CVE-2016-3726 is a high-severity vulnerability in Jenkins. CVSS score: 7.4/10. Published 2016-05-17.
How severe is CVE-2016-3726?: High severity. CVSS v3 base score is 7.4 out of 10.