CVE-2018-1000174

MEDIUM 5.4 | EPSS 0.03%

Jenkins Google Login Plugin Open Redirect vulnerability

Published: 5/14/2022
Modified: 2/21/2024
Also known as: GHSA-j279-cx9m-jv3w

Description

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.

Affected packages (1)

CVSS scores

Source | Version | Severity | Vector
osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References (4)