Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Saml Single Sign On Security Vulnerabilities

cve
cve

CVE-2019-13347

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate thei...

7.5CVSS

7.4AI Score

0.001EPSS

2019-12-13 01:15 PM
26
cve
cve

CVE-2021-37843

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6....

9.8CVSS

9.4AI Score

0.01EPSS

2021-08-02 07:15 PM
24
6
cve
cve

CVE-2023-32991

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

8.8CVSS

8.5AI Score

0.001EPSS

2023-05-16 05:15 PM
21
cve
cve

CVE-2023-32992

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

8.8CVSS

8.4AI Score

0.001EPSS

2023-05-16 05:15 PM
22
cve
cve

CVE-2023-32993

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

4.8CVSS

4.9AI Score

0.0005EPSS

2023-05-16 05:15 PM
20
cve
cve

CVE-2023-32994

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

3.7CVSS

4.1AI Score

0.0005EPSS

2023-05-16 05:15 PM
24
cve
cve

CVE-2023-32995

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

8.8CVSS

8.7AI Score

0.001EPSS

2023-05-16 05:15 PM
19
cve
cve

CVE-2023-37945

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.

4.3CVSS

4.4AI Score

0.0005EPSS

2023-07-12 04:15 PM
12