CVE-2015-5298
published 2022-07-07CVE-2015-5298: The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | google_login | — | — |
| jenkins | google_login | — | — |
| jenkins | google_login_plugin | — | — |
| jenkins | jenkins_instance_using_the_google_login_plugin | — | — |