Security Advisory

CVE-2018-1000173

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-05-08 15:00:00
Last updated 2024-08-05 12:33:49
Assigner mitre
State PUBLISHED

Description

A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.