Details
- Type: Bug
- Status: In Review
- Priority: Critical
- Resolution: Unresolved
- Component/s: gitlab-oauth-plugin
- Environment: Jenkins v2.176.2
Description
I want to ask if these security issues have been addressed so far and are planned on the roadmap?
https://wiki.jenkins.io/display/JENKINS/Gitlab+OAuth+Plugin
The current version of this plugin may not be safe to use. Please review the following warnings before use:
- HTTP session fixation vulnerability
- Open redirect vulnerability
Activity
Field | Original Value | New Value |
---|---|---|
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | In Review [ 10005 ] |
The two fixes are proposed in public:
Mohamed El Habib, please review them and, if they are good enough for you, merge them. That will allow the plugin to avoid the security warnings.