Description
An open redirect vulnerability in GoogleOAuth2SecurityRealm.java in Jenkins Google Login Plugin 1.3 and older allows attackers to redirect users to an arbitrary URL after successful login.
Remediation
References
http://www.securityfocus.com/bid/104211
https://jenkins.io/security/advisory/2018-04-16/
Related Vulnerabilities
CVE-2021-41193 Vulnerability in maven package com.wire:avs
CVE-2019-1003059 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher
CVE-2017-5662 Vulnerability in maven package org.apache.xmlgraphics:batik-rasterizer
CVE-2023-48910 Vulnerability in maven package io.github.microcks:microcks
CVE-2018-1002204 Vulnerability in maven package org.webjars:adm-zip