CVE-2022-46683

Name of the Vulnerable Software and Affected Versions Jenkins Google Login Plugin versions 1.4 through 1.6

Description The issue arises from the improper determination of a redirect URL after login, which is supposed to point to Jenkins. This could potentially lead to unauthorized access. The Google Login Plugin version 1.7 has addressed this by only redirecting to relative Jenkins URLs.

Recommendations For Jenkins Google Login Plugin versions 1.4 through 1.6, update to version 1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.