CVE-2022-25196: 
Java vulnerability analysis and mitigation

CVE-2022-25196 affects the Jenkins GitLab Authentication Plugin versions 1.13 and earlier. This vulnerability was discovered and reported by James Nord from CloudBees, Inc. and was publicly disclosed on February 15, 2022. The vulnerability is identified as SECURITY-1833 and is caused by an incomplete fix of a previous security issue (SECURITY-796) (Jenkins Advisory, OSS Security).

The vulnerability is classified as an open redirect vulnerability with a Medium severity CVSS v3.1 base score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The issue occurs when the plugin records the HTTP Referer header as part of the URL query parameters during the authentication process start and subsequently redirects users to that URL after they complete the login process (NVD).

This vulnerability allows attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. This could potentially be used in phishing attacks or to redirect users to malicious websites after they complete the authentication process (Jenkins Advisory).

As of the advisory publication date, there was no fix available for this vulnerability. The issue remains unresolved in the GitLab Authentication Plugin (Jenkins Advisory).