Every CVE whose affected-product data names Jenkins Google Login, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-41936 — CVSS 7.5 (high): Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected…
CVE-2015-5298 — CVSS 6.5 (medium): The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that…
CVE-2018-1000174 — CVSS 6.1 (medium): An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers…
CVE-2022-46683 — CVSS 6.1 (medium): Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing…
CVE-2018-1000173 — CVSS 5.9 (medium): A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows…