6.1
CVE-2018-1000174
- EPSS 0.03%
- Published 08.05.2018 15:29:00
- Last modified 21.11.2024 03:39:51
- Source cve@mitre.org
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.
Data provided by the National Vulnerability Database (NVD)
Jenkins ≫ Google Login, SwPlatform: jenkins, Version <= 1.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.052 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.