Jenkins Gitlab Oauth vulnerabilities
2 known vulnerabilities affecting jenkins/gitlab_oauth.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2019-10371 [HIGH] CVSS 7.5, CWE-384, versions ≤ 1.4, 2019-08-07
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Source: NVD
CVE-2019-10372 [MEDIUM] CVSS 6.1, CWE-601, versions ≤ 1.4, 2019-08-07
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.
Source: NVD