Google · Google Login Plugin · CVE-2015-5298
**Name of the Vulnerable Software and Affected Versions**
Google Login Plugin versions 1.0 and 1.1
**Description**
The issue allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.
**Recommendations**
For Google Login Plugin versions 1.0 and 1.1, consider disabling the plugin until a patch is available to prevent malicious authentication.
As a temporary workaround, restrict access to the Jenkins instances to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.