CVE-2018-1000174: Open Redirect in Jenkins Google Login

CWE-601: Open Redirect | 5 documents | 5 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 0.0% (top 91.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 8
Latest update: May 14

Description

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

🔴 Vulnerability Details (3)

OSV: Jenkins Google Login Plugin Open Redirect vulnerability (2022-05-14)
GHSA: Jenkins Google Login Plugin Open Redirect vulnerability (2022-05-14)
CVEList: CVE-2018-1000174: An open redirect vulnerability exists in Jenkins Google Login Plugin 1 (2018-05-08)

📋 Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2018-04-16 (2018-04-16)