18 matches found
CVE-2025-64131
Jenkins SAML Plugin 4.583.vc68232f7018a and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user...
Jenkins SAML Plugin security vulnerability
Jenkins SAML Plugin is an open source single sign-on plugin for Jenkins. A security vulnerability exists in Jenkins SAML Plugin 4.583.vc68232f7018a and earlier versions: the plugin does not implement a replay cache, which could allow an attacker to authenticate by replaying SAML authentication...
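The two entries above describe the same missing control: a Service Provider that never records which assertion IDs it has already consumed will accept a captured SAML response a second time. The following is an added example, not code from the Jenkins SAML Plugin or from any of the listed advisories; it shows a minimal replay cache keyed on the assertion ID and bounded by the assertion's Conditions/NotOnOrAfter, exercised with a constructed sample assertion (hypothetical issuer and ID) and an injectable clock.

```python
# Added example, not code from the Jenkins SAML Plugin: a minimal replay cache for
# SAML 2.0 assertions. A Service Provider must consume a given assertion ID at most
# once while the assertion is still within its Conditions/NotOnOrAfter window.
import time
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def parse_assertion(xml_text):
    """Return (assertion ID, NotOnOrAfter as epoch seconds) from a SAML 2.0 assertion
    or from a samlp:Response that wraps one."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find("saml:Assertion", SAML_NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element")
    assertion_id = assertion.get("ID")
    conditions = assertion.find("saml:Conditions", SAML_NS)
    if not assertion_id or conditions is None or not conditions.get("NotOnOrAfter"):
        raise ValueError("assertion lacks ID or Conditions/NotOnOrAfter; refuse it")
    stamp = conditions.get("NotOnOrAfter").replace("Z", "+00:00")
    return assertion_id, datetime.fromisoformat(stamp).timestamp()


class ReplayCache:
    """Remembers consumed assertion IDs until their NotOnOrAfter has passed.

    Must run only after the assertion's signature has been verified; otherwise an
    attacker could simply change the ID of a captured assertion.
    """

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable for deterministic tests
        self._seen = {}      # assertion ID -> expiry (epoch seconds)

    def consume(self, assertion_id, not_on_or_after):
        """'accepted' on first use, 'replayed' on a repeat, 'expired' past NotOnOrAfter."""
        now = self._clock()
        # An expired ID can no longer be replayed, so the IdP's validity window bounds cache size.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if not_on_or_after <= now:
            return "expired"
        if assertion_id in self._seen:
            return "replayed"
        self._seen[assertion_id] = not_on_or_after
        return "accepted"


# Constructed sample assertion (hypothetical issuer and ID), valid 12:00-12:05 UTC.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee01" Version="2.0" IssueInstant="2025-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2025-01-01T12:00:00Z" NotOnOrAfter="2025-01-01T12:05:00Z"/>
</saml:Assertion>"""


def demo():
    """Present the same assertion twice within its window, then once after it has expired."""
    clock = [datetime(2025, 1, 1, 12, 1, tzinfo=timezone.utc).timestamp()]
    cache = ReplayCache(clock=lambda: clock[0])
    assertion_id, not_on_or_after = parse_assertion(SAMPLE_ASSERTION)
    results = [cache.consume(assertion_id, not_on_or_after),   # first use
               cache.consume(assertion_id, not_on_or_after)]   # captured copy replayed
    clock[0] += 10 * 60                                       # ten minutes later
    results.append(cache.consume(assertion_id, not_on_or_after))
    return results


if __name__ == "__main__":
    print(demo())
```

Two deployment caveats the snippet does not solve: the cache must be shared across every node that terminates SAML logins (a per-process dict lets the same assertion be consumed once per node), and the clock skew tolerated when checking NotOnOrAfter must be the same one used for eviction, or an ID can be evicted while still accepted.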
EUVD-2023-2106
Malicious code in bioql PyPI...
EUVD-2023-1515
Malicious code in bioql PyPI...
EUVD-2022-2416
Malicious code in bioql PyPI...
EUVD-2022-5102
Malicious code in bioql PyPI...
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2023-32994
Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...
CVE-2023-32991
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...
GHSA-R5W3-PFQ8-3R82 Jenkins SAML Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. SAML Plugin implements this extension point for the URL that users are redirected to after login. In Jenkins SAML Plugin 2.0.7 and earlier this implementation is too permissive...
Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Code Coverage API...
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
Cross-site request forgery (CSRF)
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
PT-2021-14721 · Jenkins · Jenkins Swamp Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Plugin versions 1.1.3 through 2.0.7 Description: The issue allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. This is due to an overly permissive implementation of an extension poin...
Session fixation
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
CVE-2018-1000602
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
CVE-2018-1000602
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
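The session fixation entries above hinge on one detail of the login handler: whether the session the browser brought to the SAML flow is kept after the IdP has authenticated the user. The following is an added example, not code from SamlSecurityRealm.java or from any of the listed advisories; it uses a toy in-memory session store (hypothetical names throughout) to run the attacker's pre-planted session ID through a handler that keeps the session and through one that rotates it.

```python
# Added example, not code from the Jenkins SAML Plugin: a toy session store showing
# why a login handler must issue a fresh session ID once the IdP has authenticated
# the user, instead of keeping the session the browser arrived with.
import secrets


class SessionStore:
    """In-memory session table keyed by session ID (a real app would use the container's)."""

    def __init__(self):
        self._sessions = {}  # session ID -> attribute dict

    def new(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def invalidate(self, sid):
        self._sessions.pop(sid, None)


def login_keeping_session(store, sid, username):
    """Vulnerable pattern: binds the authenticated user to whatever session ID the
    browser presented, so a pre-planted ID becomes an authenticated one."""
    session = store.get(sid)
    if session is None:
        sid = store.new()
        session = store.get(sid)
    session["user"] = username
    return sid


def login_rotating_session(store, sid, username):
    """Fixed pattern: discard the pre-authentication session and start a new one,
    carrying over only the attributes the login flow itself needs."""
    old = store.get(sid) or {}
    store.invalidate(sid)
    new_sid = store.new()
    session = store.get(new_sid)
    if "relay_state" in old:  # where to send the user after login
        session["relay_state"] = old["relay_state"]
    session["user"] = username
    return new_sid


def fixation_scenario(login):
    """Return (user the attacker's planted ID now resolves to, user the victim is logged in as)."""
    store = SessionStore()
    # The attacker obtains a valid pre-authentication session ID and plants it in the
    # victim's browser; how is out of scope here, it is the "control the
    # pre-authentication session" precondition the advisory states.
    planted_sid = store.new()
    store.get(planted_sid)["relay_state"] = "/job/example/"
    # The victim completes SAML login while carrying that session ID.
    victim_sid = login(store, planted_sid, "alice")
    attacker_session = store.get(planted_sid)
    attacker_user = attacker_session.get("user") if attacker_session else None
    return attacker_user, store.get(victim_sid)["user"]


if __name__ == "__main__":
    print("vulnerable:", fixation_scenario(login_keeping_session))  # ('alice', 'alice')
    print("fixed:     ", fixation_scenario(login_rotating_session))  # (None, 'alice')
```

The rotation has to happen after the IdP's response is validated and before any authenticated attribute is written; rotating on the way out to the IdP does nothing, because the attacker can plant the post-redirect ID just as easily as the original one.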