| Name | CVE-2015-5298 |
| Description | The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: Plugin not packaged in Debian
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-10-12