CVE-2018-1000173
published 2018-05-08
medium 5.9 CVSS 3.0
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | email_extension_plugin | — | — |
| jenkins | google_login | <= 1.3 | — |
| jenkins | google_login_plugin | — | — |
| jenkins | html_publisher_plugin | — | — |
| jenkins | s3_publisher_plugin | — | — |