CVE-2015-5298: Improper Authentication

July 8, 2022 (updated July 20, 2022)

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.

References

exfiltrated.com/research-CVE-2015-5298.php
github.com/advisories/GHSA-p487-39h9-hm84
nvd.nist.gov/vuln/detail/CVE-2015-5298
www.jenkins.io/security/advisory/2015-10-12/

Code Behaviors & Features

Detect and mitigate CVE-2015-5298 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →