CVE-2015-5298

CVE-2015-5298

Vendor N/A
Product Jenkins Google Login Plugin
Weakness CWE-287 · Improper authentication
Published July 7, 2022
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.

Key dates

02Disclosure timeline

July 7, 2022 CVE published
August 6, 2024 Record updated