Skip to main content

Google Login

4 CVEs product

Monthly

CVE-2023-41936 Maven HIGH PATCH This Week

Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Google Information Disclosure Google Login
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-46683 Maven MEDIUM PATCH This Month

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Jenkins Open Redirect Google Login
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2018-1000174 Maven MEDIUM PATCH This Month

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Jenkins Open Redirect Google Login
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-1000173 Maven MEDIUM PATCH This Month

A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Jenkins Java Google Authentication Bypass +1
NVD
CVSS 3.0
5.9
EPSS
1.6%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Google Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Jenkins Open Redirect +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Jenkins +2
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Jenkins Java +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy