Description

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.

Remediation

References

http://www.securityfocus.com/bid/104211

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2022-25645 Vulnerability in maven package org.webjars.npm:dset

CVE-2022-45207 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system

CVE-2018-1000118 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-27885 Vulnerability in maven package org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature

CVE-2021-26073 Vulnerability in npm package atlassian-connect-express

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory