[MAVEN:GHSA-J279-CX9M-JV3W] Jenkins Google Login Plugin Open Redirect vulnerability

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.
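
A sketch of the kind of relative-only redirect check the fix describes, as an added example; it is not the plugin's code from GoogleOAuth2SecurityRealm.java. The class name, method names, fallback path and sample targets are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper: accept a post-login redirect target only when it is a
// path on the same site, otherwise fall back to a fixed local page.
public class RelativeRedirectCheck {

    static String safeRedirect(String target, String fallback) {
        return isRelativePath(target) ? target : fallback;
    }

    static boolean isRelativePath(String target) {
        if (target == null || target.isEmpty()) return false;
        // Reject backslashes and control characters: some browsers
        // normalise "/\host" to "//host", which is scheme-relative.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) return false;
        }
        // Must be rooted at "/" but must not be scheme-relative ("//host").
        if (!target.startsWith("/") || target.startsWith("//")) return false;
        try {
            URI uri = new URI(target);
            // No scheme and no authority means the browser stays on this origin.
            return !uri.isAbsolute() && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // unparsable input is treated as unsafe
        }
    }

    public static void main(String[] args) {
        // Constructed sample targets, not taken from the advisory.
        String[] samples = {
            "/job/demo/",                // relative path: allowed
            "/job/demo/?page=2",         // relative path with query: allowed
            "https://other.example/",    // absolute URL: rejected
            "//other.example/",          // scheme-relative URL: rejected
            "/\\other.example/",         // backslash variant: rejected
            "job/demo"                   // not rooted at "/": rejected
        };
        for (String s : samples) {
            System.out.printf("%-28s -> %s%n", s, safeRedirect(s, "/"));
        }
    }
}
```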

Affected package: pkg:maven/org.jenkins-ci.plugins/google-login <= 1.3
Fixed package: pkg:maven/org.jenkins-ci.plugins/google-login = 1.3.1
ID: MAVEN:GHSA-J279-CX9M-JV3W
Severity: moderate
URL: https://github.com/advisories/GHSA-j279-cx9m-jv3w
Published: 2022-05-14T03:18:40
Modified: 2023-01-28T05:04:01
Rights: Maven Security Team
Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:maven/org.jenkins-ci.plugins/google-login | org.jenkins-ci.plugins | google-login | <= 1.3 | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/google-login | org.jenkins-ci.plugins | google-login | = 1.3.1 | | |