Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qMjc5LWN4OW0tanYzd84AAWxT

Jenkins Google Login Plugin Open Redirect vulnerability

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.

Permalink: https://github.com/advisories/GHSA-j279-cx9m-jv3w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qMjc5LWN4OW0tanYzd84AAWxT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-j279-cx9m-jv3w, CVE-2018-1000174
References: Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:google-login
Affected Version Ranges: <= 1.3
Fixed in: 1.3.1