GHSA-j279-cx9m-jv3w

Source
https://github.com/advisories/GHSA-j279-cx9m-jv3w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j279-cx9m-jv3w/GHSA-j279-cx9m-jv3w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j279-cx9m-jv3w
Aliases
Published
2022-05-14T03:18:40Z
Modified
2024-02-21T05:21:22.687724Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Jenkins Google Login Plugin Open Redirect vulnerability
Details

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs.

Database specific
{
    "nvd_published_at": "2018-05-08T15:29:00Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-12T16:57:45Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:google-login

Package

Name
org.jenkins-ci.plugins:google-login
Purl
pkg:maven/org.jenkins-ci.plugins/google-login

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.3.1

Affected versions

1.*

1.0
1.1
1.2
1.2.1
1.3

Database specific

{
    "last_known_affected_version_range": "<= 1.3"
}