CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32992
https://notcve.org/view.php?id=CVE-2023-32992
Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2993 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32991
https://notcve.org/view.php?id=CVE-2023-32991
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2993 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21678
https://notcve.org/view.php?id=CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. El Plugin SAML de Jenkins versiones 2.0.7 y anteriores, permiten a atacantes diseñar URLs que podrían evitar la protección CSRF de cualquier URL de destino en Jenkins • http://www.openwall.com/lists/oss-security/2021/08/31/1 https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2469 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000602
https://notcve.org/view.php?id=CVE-2018-1000602
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. Existe una vulnerabilidad de fijación de sesión en el plugin Google Login en versiones 1.0.6 y anteriores para Jenkins en SamlSecurityRealm.java que permite que los atacantes no autorizados suplanten otro usuario si pueden controlar la sesión de preautenticación. • https://jenkins.io/security/advisory/2018-06-25/#SECURITY-916 • CWE-384: Session Fixation •