PT-2018-9344 · Jenkins · Jenkins Google Login Plugin

Postmanclient

Published 2018-05-08 · Updated 2022-05-14 · CVE-2018-1000174

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Google Login Plugin versions 1.3 and older

Description: An open redirect issue exists in the GoogleOAuth2SecurityRealm.java file, allowing attackers to redirect users to an arbitrary URL after a successful login.

Recommendations: For Jenkins Google Login Plugin versions 1.3 and older, update to version 1.3.1 or newer, which only performs redirects to relative URLs, to resolve the issue.
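
The recommendation above describes the fixed version as redirecting only to relative URLs. As an added example (not the plugin's code), this is one way a post-login redirect target can be restricted to same-site paths; the class name `SafeRedirect`, the method `relativeOrDefault`, and the sample inputs are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; not the Jenkins Google Login Plugin's code.
// SafeRedirect and relativeOrDefault are hypothetical names.
public final class SafeRedirect {

    /** Returns target only if it is a same-site, path-absolute URL; otherwise fallback. */
    static String relativeOrDefault(String target, String fallback) {
        if (target == null || target.isEmpty()) return fallback;
        // Require a single leading '/': "//host/..." is scheme-relative and
        // would leave the site even though it carries no scheme.
        if (target.charAt(0) != '/' || target.startsWith("//")) return fallback;
        // Reject backslashes (browsers treat "/\host" like "//host") and
        // control characters (tabs and newlines are dropped by browsers before
        // URL parsing; CR/LF could also split the Location header).
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) return fallback;
        }
        try {
            // Final structural check: no scheme and no authority component.
            URI uri = new URI(target);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return fallback;
        } catch (URISyntaxException e) {
            return fallback;
        }
        return target;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "/job/build/42/console",
            "/search?q=a&from=/view/all",
            "https://other-site.example/",
            "//other-site.example/",
            "/\\other-site.example/",
            "/\t/other-site.example/",
            ""
        };
        for (String s : samples) {
            System.out.printf("%-30s -> %s%n", s.replace("\t", "\\t"), relativeOrDefault(s, "/"));
        }
    }
}
```

Only the first two samples are returned unchanged; every other input falls back to `/`.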

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2018-1000174
GHSA-J279-CX9M-JV3W

Affected Products

Jenkins
Jenkins Google Login Plugin