CVE-2018-1000174 Vulnerability in maven package org.jenkins-ci.plugins:google-login

Description

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

http://www.securityfocus.com/bid/104211

Related Vulnerabilities

CVE-2022-45855 Vulnerability in maven package org.apache.ambari:ambari

CVE-2016-6795 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view

CVE-2017-8439 Vulnerability in npm package kibana

CVE-2022-42129 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.web

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N