Filtered by vendor Jenkins
Subscriptions
Filtered by product Google Login
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2023-10-24 | 6.1 Medium |
Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | ||||
CVE-2023-41936 | 1 Jenkins | 1 Google Login | 2023-10-24 | 7.5 High |
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token. | ||||
CVE-2015-5298 | 1 Jenkins | 1 Google Login | 2022-07-15 | 6.5 Medium |
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. | ||||
CVE-2018-1000173 | 1 Jenkins | 1 Google Login | 2018-06-13 | N/A |
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | ||||
CVE-2018-1000174 | 1 Jenkins | 1 Google Login | 2018-06-13 | N/A |
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. |
Page 1 of 1.