Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qMjc5LWN4OW0tanYzd84AAWxT
Jenkins Google Login Plugin Open Redirect vulnerability
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.
Permalink: https://github.com/advisories/GHSA-j279-cx9m-jv3wJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qMjc5LWN4OW0tanYzd84AAWxT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-j279-cx9m-jv3w, CVE-2018-1000174
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000174
- https://jenkins.io/security/advisory/2018-04-16/
- http://www.securityfocus.com/bid/104211
- https://github.com/advisories/GHSA-j279-cx9m-jv3w
Affected Packages
maven:org.jenkins-ci.plugins:google-login
Affected Version Ranges: <= 1.3Fixed in: 1.3.1