[MAVEN:GHSA-J279-CX9M-JV3W] Jenkins Google Login Plugin Open Redirect vulnerability
- Severity: Moderate
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.

Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-login | <= 1.3 |

Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-login | = 1.3.1 |

- ID: MAVEN:GHSA-J279-CX9M-JV3W
- Severity: moderate
- URL: https://github.com/advisories/GHSA-j279-cx9m-jv3w
- Published: 2022-05-14T03:18:40 (2 years ago)
- Modified: 2023-01-28T05:04:01 (19 months ago)
- Rights: Maven Security Team
- Other Advisories

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/google-login | org.jenkins-ci.plugins | google-login | <= 1.3 | | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/google-login | org.jenkins-ci.plugins | google-login | = 1.3.1 | | | |