CVE-2022-46683

MEDIUM

Jenkins Google Login Plugin <1.7 - Open Redirect

Title source: llm

Description

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

References (1)

Core 1

Core References

Vendor Advisory

https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2967

Scores

CVSS v3 6.1

EPSS 0.0076

EPSS Percentile 73.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (2)

jenkins/google_login 1.4 - 1.7

org.jenkins-ci.plugins/google-login 1.4 - 1.7Maven

Published Dec 12, 2022

Tracked Since Feb 18, 2026