CVE-2022-46683
published 2022-12-12CVE-2022-46683: Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | checkmarx_plugin | — | — |
| jenkins | custom_build_properties_plugin | — | — |
| jenkins | gitea_plugin | — | — |
| jenkins | google_login | >= 1.4 < 1.7 | 1.7 |
| jenkins | google_login_plugin | — | — |
| jenkins | plot_plugin | — | — |
| jenkins | sonar_gerrit_plugin | — | — |
| jenkins | spring_config_plugin | — | — |
| jenkins_project | jenkins_google_login_plugin | >= 1.4 < unspecified | unspecified |
| jenkins_project | jenkins_google_login_plugin | unspecified – 1.6 | — |