Vulnerabilities > Jenkins > Saml Single Sign ON > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-05-16 | CVE-2023-32991 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-05-16 | CVE-2023-32992 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Saml Single Sign on | Missing permission checks in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | network | low complexity | jenkins | CWE-732 | 8.8 |
| 2023-05-16 | CVE-2023-32995 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | network | low complexity | jenkins | CWE-352 | 8.8 |