Ghostwire

CVE-2026-42525: Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL...

MEDIUM CVSS 5.5

Published: April 29, 2026 | Last Modified: April 29, 2026

Description

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2026-42525
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-42525