CVE-2026-42525

MEDIUM 4.3

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

Vendor	jenkins project
Product	jenkins microsoft entra id (previously azure ad) plugin
Published	Apr 29, 2026
Last Updated	Apr 29, 2026

Stay Ahead of the Next One

Get instant alerts for jenkins project jenkins microsoft entra id (previously azure ad) plugin

Be the first to know when new medium vulnerabilities affecting jenkins project jenkins microsoft entra id (previously azure ad) plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Jenkins Project / Jenkins Microsoft Entra ID (previously Azure AD) Plugin

0 ≤ 666.v6060de32f87d

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jenkins.io: https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3760