Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41936 | 1 Jenkins | 1 Google Login | 2023-12-10 | N/A | 7.5 HIGH |
| Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token. | |||||
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2023-12-10 | N/A | 6.1 MEDIUM |
| Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||
| CVE-2015-5298 | 1 Jenkins | 1 Google Login | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. | |||||
| CVE-2018-1000174 | 1 Jenkins | 1 Google Login | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. | |||||
| CVE-2018-1000173 | 1 Jenkins | 1 Google Login | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | |||||