[MAVEN:GHSA-V93C-CXJ5-C398] Jenkins Google Login Plugin Open Redirect vulnerability

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Google Login Plugin 1.7 only redirects to relative (Jenkins) URLs.

| Package | Affected Version |
| --- | --- |
| pkg:maven/org.jenkins-ci.plugins/google-login | >= 1.4, < 1.7 |
ID: MAVEN:GHSA-V93C-CXJ5-C398
Severity: moderate
URL: https://github.com/advisories/GHSA-v93c-cxj5-c398
Published: 2022-12-12T09:30:35 (21 months ago)
Modified: 2023-01-28T05:06:07 (19 months ago)
Rights: Maven Security Team
Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/org.jenkins-ci.plugins/google-login | org.jenkins-ci.plugins | google-login | >= 1.4 < 1.7 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/google-login | org.jenkins-ci.plugins | google-login | = 1.7 | | | |