Vulnerabilities > Jenkins > Saml Single Sign ON > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-16 | CVE-2023-32991 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | 8.8 |
2023-05-16 | CVE-2023-32992 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Saml Single Sign on Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | 8.8 |
2023-05-16 | CVE-2023-32995 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | 8.8 |