Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2023-24445 | Open Redirect vulnerability in Jenkins Openid: Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | 6.1 |
2023-01-22 | CVE-2023-24044 | Open Redirect vulnerability in Plesk Obsidian 18.0.17: A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. | 6.1 |
2023-01-17 | CVE-2023-22298 | Open Redirect vulnerability in multiple products: Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | 6.1 |
2023-01-12 | CVE-2022-3145 | Open Redirect vulnerability in Okta Oidc Middleware: An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | 4.7 |
2023-01-12 | CVE-2022-39183 | Open Redirect vulnerability in Moodle Saml Authentication: Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | 6.1 |
2023-01-12 | CVE-2023-0042 | Open Redirect vulnerability in Gitlab: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. | 6.1 |
2023-01-11 | CVE-2023-22958 | Open Redirect vulnerability in Syracom Secure Login: The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | 6.1 |
2023-01-07 | CVE-2017-20164 | Open Redirect vulnerability in Symbiote Seed 6.0.0/6.0.1/6.0.2: A vulnerability was found in Symbiote Seed up to 6.0.2. | 6.1 |
2023-01-03 | CVE-2022-3614 | Open Redirect vulnerability in Octopus Server: In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation. | 6.1 |
2022-12-27 | CVE-2022-4720 | Open Redirect vulnerability in Ikus-Soft Rdiffweb: Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | 6.1 |