Description

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.

Remediation

References

http://exfiltrated.com/research-CVE-2015-5298.php

https://www.jenkins.io/security/advisory/2015-10-12/

Related Vulnerabilities

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap

CVE-2017-3523 Vulnerability in maven package mysql:mysql-connector-java

CVE-2020-7691 Vulnerability in maven package org.webjars.npm:jspdf

CVE-2023-47326 Vulnerability in maven package org.silverpeas.core:silverpeas-core

CVE-2017-1000207 Vulnerability in maven package io.swagger:swagger-codegen

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Vendor Advisory