PT-2018-9343 · Jenkins · Jenkins Google Login Plugin

Emeric Vernat

·

Published

2018-05-08

·

Updated

2022-05-14

·

CVE-2018-1000173

CVSS v3.1

5.9

Medium

Vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Google Login Plugin versions 1.3 and older
Description: A session fixation vulnerability exists in GoogleOAuth2SecurityRealm.java, allowing unauthorized attackers to impersonate another user if they can control the pre-authentication session. The affected versions kept the session that existed before login and bound the authenticated identity to it, so an attacker who had planted a known session ID in the victim's browser before the Google login ended up holding a session authenticated as the victim once that login completed.
Recommendations: For Jenkins Google Login Plugin versions 1.3 and older, update to version 1.3.1 or newer. That release invalidates the pre-authentication session during login and creates a new one, so a session ID fixed before login is no longer valid afterwards.
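The flaw and the fix described above, as an added illustration that is not the plugin's own code: a minimal in-memory session store, a stubbed OAuth2 code exchange, and two versions of the login callback. The vulnerable one binds the Google identity to whatever session arrived with the request; the hardened one invalidates that session and issues a fresh ID, as the 1.3.1 fix does. How the attacker gets the fixed cookie into the victim's browser is assumed, not shown, and the `code-for-<user>` authorization code format is a constructed stand-in for the real token exchange.

```python
"""Session fixation in an OAuth2-style login callback: vulnerable vs. hardened.

Added example, not code from the Jenkins Google Login Plugin. Sessions, the
attacker and the victim are modelled over an in-memory store so both the
attack and the fix run offline.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    user: Optional[str] = None            # None until authentication completes
    attrs: dict = field(default_factory=dict)


class SessionStore:
    """Server-side sessions keyed by the value carried in the session cookie."""

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def new(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def invalidate(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def oauth_provider_exchange(code: str) -> str:
    """Stub for the code/token/userinfo round trip with the identity provider.

    Constructed stand-in: the authorization code simply carries the user name.
    A real implementation redeems the code with Google and reads the profile.
    """
    prefix = "code-for-"
    if not code.startswith(prefix):
        raise ValueError("unknown authorization code")
    return code[len(prefix):]


def vulnerable_finish_login(store: SessionStore, sid: str, code: str) -> str:
    """Pre-1.3.1 pattern: the identity is bound to the session that arrived."""
    sess = store.get(sid)
    if sess is None:                       # no session yet: mint one
        sid = store.new()
        sess = store.get(sid)
    sess.user = oauth_provider_exchange(code)
    return sid                             # cookie value unchanged by login


def hardened_finish_login(store: SessionStore, sid: str, code: str) -> str:
    """1.3.1-style pattern: drop the pre-auth session and issue a fresh ID.

    Only attributes the login flow itself needs (e.g. a redirect target) are
    carried over; the old ID stops resolving to anything.
    """
    old = store.get(sid)
    carried = dict(old.attrs) if old else {}
    store.invalidate(sid)
    new_sid = store.new()
    new_sess = store.get(new_sid)
    new_sess.attrs.update(carried)
    new_sess.user = oauth_provider_exchange(code)
    return new_sid                         # caller must Set-Cookie this value


def run_fixation_attack(finish_login) -> dict:
    """Replay the fixation scenario against a login callback.

    The attacker obtains an unauthenticated session ID and plants it in the
    victim's browser (assumed to have happened; the mechanism is out of
    scope). The victim then completes the Google login with that cookie.
    """
    store = SessionStore()
    attacker_sid = store.new()             # attacker's pre-authentication session
    victim_cookie = attacker_sid           # the value fixed into the victim's browser
    new_sid = finish_login(store, victim_cookie, "code-for-alice")
    attacker_view = store.get(attacker_sid)
    return {
        "attacker_logged_in_as": attacker_view.user if attacker_view else None,
        "victim_logged_in_as": store.get(new_sid).user,
        "session_id_rotated": new_sid != attacker_sid,
    }


if __name__ == "__main__":
    print("vulnerable:", run_fixation_attack(vulnerable_finish_login))
    print("hardened:  ", run_fixation_attack(hardened_finish_login))
```

Against `vulnerable_finish_login` the attacker's original session ID resolves to a session authenticated as `alice`; against `hardened_finish_login` that ID no longer resolves at all, while the victim receives a new ID that is logged in as `alice`. When checking a real deployment, confirm that the session cookie value actually changes across the login redirect rather than relying on the version number alone.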

Fix

Session Fixation


Weakness Enumeration

Related identifiers

CVE-2018-1000173
GHSA-RP82-XVG3-727C

Affected products

Jenkins
Jenkins Google Login Plugin