Lucene search

GitHub Advisory DatabaseGHSA-P4WR-9WFM-F9JW

HistoryJul 12, 2023 - 6:30 p.m.

Jenkins SAML Single Sign On(SSO) Plugin missing permission check

2023-07-1218:30:38

CWE-862

GitHub Advisory Database

github.com

jenkins

saml

single sign-on

plugin

permission check

http endpoint

security realm

overall/administer permission

attackers

sensitive information

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Jenkins SAML Single Sign On(SSO) Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to download a string representation of the current security realm (Java Object#toString()), which potentially includes sensitive information.

SAML Single Sign On(SSO) Plugin 2.3.1 requires Overall/Administer permission to access the affected HTTP endpoint, and only allows downloading a string representation if the current security realm is this plugin’s.

Affected configurations

Vulners

Node

php-saml-sp_projectphp-saml-spRange<2.3.1

CPENameOperatorVersion
io.jenkins.plugins:miniorange-saml-splt2.3.1

CPE	Name	Operator	Version
	io.jenkins.plugins:miniorange-saml-sp	lt	2.3.1

References

www.openwall.com/lists/oss-security/2023/07/12/2

github.com/advisories/GHSA-p4wr-9wfm-f9jw

nvd.nist.gov/vuln/detail/CVE-2023-37945

www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for GHSA-P4WR-9WFM-F9JW