CVE-2015-5298

Improper Authentication in maven/org.jenkins-ci.plugins/google-login

Identifiers

GHSA-p487-39h9-hm84, CVE-2015-5298

Package Slug

maven/org.jenkins-ci.plugins/google-login

Vulnerability

Improper Authentication

Description

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.

Affected Versions

All versions starting from 1.0 before 1.2

Solution

Upgrade to version 1.2 or above.

Last Modified

2022-07-26

source