3 matches found
CVE-2023-32996
A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
CVE-2023-32996
Jenkins SAML SSO Plugin (versions ≤ 2.0.0) has a missing permission check on an HTTP endpoint, enabling attackers with Overall/Read to send attacker-specified JSON to miniOrange’s API for sending emails and triggering a CSRF-like risk. The issue is formally associated with CVE-2023-32996. Mitigat...
CVE-2023-32996
A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...