This advisory announces a vulnerability in the Google Login Plugin.
Jenkins issue: SECURITY-208
CVE ID: CVE-2015-5298
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully, through client-side request modification, against Jenkins instances that are supposed to be locked down to a particular Google Apps domain.
CVE-2015-5298 is rated medium. While the attacker will be able to successfully authenticate to any network-reachable Jenkins instance using the Google Login Plugin, the impact on the system depends on the configuration of permissions, specifically what is granted to the authenticated group.
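
A domain lock-down of the kind described above only holds when it is evaluated on the server, against identity data the server obtained from Google itself rather than values that passed through the browser. The following is an added example, not the plugin's code or its fix: it assumes the restriction is expressed through Google's OpenID Connect claims `hd`, `email` and `email_verified`, and `check_domain` and `example.com` are hypothetical names.

```python
# Added example: server-side enforcement of a Google Apps domain restriction.
# Assumption: `claims` was obtained by the server directly from the identity
# provider (for example from a signature-verified ID token), never from
# request parameters or redirect values that travelled through the browser.

ALLOWED_DOMAIN = "example.com"  # constructed sample value


def check_domain(claims, allowed_domain=ALLOWED_DOMAIN):
    """Return (allowed, reason) for a dict of server-verified identity claims."""
    allowed = allowed_domain.strip().lower()

    hd = claims.get("hd")
    if not isinstance(hd, str) or not hd:
        # Accounts outside any hosted domain carry no `hd` claim at all.
        return False, "no hosted-domain claim"
    if hd.lower() != allowed:
        # Exact match only, so "example.com.other.test" is rejected.
        return False, "hosted domain mismatch"

    # Strict boolean: a string such as "true" is not accepted here.
    if claims.get("email_verified") is not True:
        return False, "email not verified"

    email = claims.get("email")
    if not isinstance(email, str) or email.count("@") != 1:
        return False, "malformed email"
    if email.rsplit("@", 1)[1].lower() != allowed:
        # Subdomains are not treated as the allowed domain.
        return False, "email domain mismatch"

    return True, "ok"


# Constructed sample claims, not taken from any real account.
SAMPLES = [
    {"hd": "example.com", "email": "alice@example.com", "email_verified": True},
    {"email": "bob@gmail.com", "email_verified": True},
    {"hd": "example.com.other.test", "email": "eve@example.com",
     "email_verified": True},
    {"hd": "example.com", "email": "carol@sub.example.com",
     "email_verified": True},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.get("email"), check_domain(sample))
```

A login that fails this check should be rejected before Jenkins treats the user as a member of the authenticated group.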