CVE-2018-1000174
MEDIUM5.4EPSS 0.03%Jenkins Google Login Plugin Open Redirect vulnerability
發布日:2022/5/14修改日:2024/2/21
描述
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.
受影響套件(1)
- Maven/org.jenkins-ci.plugins:google-loginfrom 0, < 1.3.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |