Описание
Jenkins Google Login Plugin Open Redirect vulnerability
Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Google Login Plugin 1.7 only redirects to relative (Jenkins) URLs.
Пакеты
Наименование
org.jenkins-ci.plugins:google-login
maven
Затронутые версииВерсия исправления
>= 1.4, < 1.7
1.7
Связанные уязвимости
CVSS3: 6.1
nvd
около 3 лет назад
Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.