CVE-2015-5298

Summary

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.

Affected Software

VendorProductVersion RangeStatus
n/aJenkins Google Login PluginJenkins Google Login Plugin 1.0 and 1.1affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References