Lucene search

[email protected]CVE-2015-5298

HistoryJul 07, 2022 - 7:15 p.m.

CVE-2015-5298

2022-07-0719:15:00

CWE-287

[email protected]

web.nvd.nist.gov

google login plugin

jenkins

authentication

security

vulnerability

cve-2015-5298

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.

VendorProductVersionCPE
jenkinsgoogle_login*cpe:2.3:a:jenkins:google_login:*:*:*:*:*:*:*:*
jenkinsgoogle_login*cpe:2.3:a:jenkins:google_login:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jenkins	google_login	*	cpe:2.3:a:jenkins:google_login::::::::
jenkins	google_login	*	cpe:2.3:a:jenkins:google_login::::::::

References

exfiltrated.com/research-CVE-2015-5298.php

www.jenkins.io/security/advisory/2015-10-12/

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for CVE-2015-5298

prion1 cnvd1 ubuntucve1 github1 osv1