{"id":"CVE-2018-1000173","details":"A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.","aliases":["GHSA-rp82-xvg3-727c"],"modified":"2026-05-18T09:59:28.822261Z","published":"2018-05-08T15:29:00.270Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104210"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2018-04-16/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/google-login-plugin","events":[{"introduced":"0"},{"last_affected":"9ae014027d2db7df7d3c958342be236ec34ed952"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:jenkins:google_login:*:*:*:*:*:jenkins:*:*"}}],"versions":["google-login-1.3","google-login-1.2.1","google-login-1.2","google-login-1.1","google-login-1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000173.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}