Lucene search

Gitlab Oauth Security Vulnerabilities

cve

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

7.5CVSS

7.4AI Score

0.002EPSS

2019-08-07 03:15 PM

cve

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.

6.1CVSS

6.1AI Score

0.001EPSS

2019-08-07 03:15 PM