Open Redirect Flaw in Jenkins Google Login Plugin for Jenkins
CVE-2018-1000174

6.1MEDIUM

Key Information:

Vendor

Jenkins
Status
Google Login
Vendor
CVE Published:
8 May 2018

What is CVE-2018-1000174?

An open redirect vulnerability is present in the Google Login Plugin for Jenkins versions 1.3 and earlier, specifically in the GoogleOAuth2SecurityRealm.java file. This flaw enables attackers to redirect users to arbitrary URLs after they successfully log in, potentially leading to phishing attacks or exposure of sensitive information. Users of the affected plugin are advised to review the security advisory and apply the necessary updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://jenkins.io/security/advisory/2018-04-16/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104211
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.