{"id":"GHSA-v93c-cxj5-c398","summary":"Jenkins Google Login Plugin Open Redirect vulnerability","details":"Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) incorrectly determines whether the redirect URL used after login legitimately points to Jenkins, so users can be redirected to a non-Jenkins URL after logging in (open redirect, CWE-601). Google Login Plugin 1.7 only redirects to relative (Jenkins) URLs; affected installations should upgrade to 1.7 or later.","aliases":["CVE-2022-46683"],"modified":"2023-11-08T04:10:57.228864Z","published":"2022-12-12T09:30:35Z","database_specific":{"github_reviewed_at":"2022-12-12T22:19:23Z","nvd_published_at":"2022-12-12T09:15:00Z","cwe_ids":["CWE-601"],"severity":"MODERATE","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46683"},{"type":"WEB","url":"https://github.com/jenkinsci/google-login-plugin/commit/532d714943ff8ae8dc862427d39a4b78b7f6a375"},{"type":"PACKAGE","url":"https://github.com/jenkinsci/google-login-plugin"},{"type":"WEB","url":"https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2967"}],"affected":[{"package":{"name":"org.jenkins-ci.plugins:google-login","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.plugins/google-login"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.4"},{"fixed":"1.7"}]}],"versions":["1.4","1.5","1.6"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-v93c-cxj5-c398/GHSA-v93c-cxj5-c398.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}