Описание
Jenkins Google Login Plugin Open Redirect vulnerability
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.
Пакеты
Наименование
org.jenkins-ci.plugins:google-login
maven
Затронутые версииВерсия исправления
<= 1.3
1.3.1
Связанные уязвимости
CVSS3: 6.1
nvd
больше 7 лет назад
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.