Description
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.jenkins.io/security/advisory/2015-10-12/
Third Party Advisory x_refsource_misc
http://exfiltrated.com/research-CVE-2015-5298.php
Scores
CVSS v3
6.5
EPSS
0.0039
EPSS Percentile
60.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (3)
jenkins/google_login
1.0
jenkins/google_login
1.1
org.jenkins-ci.plugins/google-login
1.0 - 1.2Maven
Published
Jul 07, 2022
Tracked Since
Feb 18, 2026