VDB
CISA-2023-32991
CISA-2023-32991
PUBLISHED
CVSS 8.8 HIGH
Reported by jenkins · Published May 16, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins Project | Jenkins SAML Single Sign On(SSO) Plugin | 0 |
| Jenkins Project | Jenkins SAML Single Sign On(SSO) Plugin | 0, 0 |
Timeline
- May 16, 2023 CVE Published
- Jan 23, 2025 CVE Updated
References
- Jenkins Security Advisory 2023-05-16 vendor-advisory