Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2025/10/30 2:13 p.m.5 views

CVE-2025-64131

Jenkins SAML Plugin 4.583.vc68232f7018a and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user...

7.5CVSS6.5AI score0.00387EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.5 views

Jenkins SAML Plugin 安全漏洞

Jenkins SAML Plugin is an open source single sign-on plugin for Jenkins. A security vulnerability exists in Jenkins SAML Plugin 4.583.vc68232f7018a and prior versions, which stems from an unimplemented replay cache, which could allow an attacker to authenticate by replaying SAML authentication...

7.5CVSS6.6AI score0.00387EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1488

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2106

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00371EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1515

Malicious code in bioql PyPI...

3.7CVSS4.9AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5102

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.0081EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1544

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.0045EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2022-2416

Malicious code in bioql PyPI...

5.9CVSS6AI score0.00852EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1638

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00425EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1655

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00681EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.13 views

CVE-2023-32993

Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...

4.8CVSS6.6AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.5 views

CVE-2023-32991

A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

8.8CVSS6.5AI score0.00681EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.5 views

CVE-2021-21678

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...

8.8CVSS6.8AI score0.0081EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/12 3:52 p.m.12 views

CVE-2023-37945

A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.1.0 through 2.3.0 both inclusive allows attackers with Overall/Read permission to download a string representation of the current security realm...

6.6AI score0.00371EPSS
Exploits0References2
NVD
NVD
added 2023/05/16 5:15 p.m.30 views

CVE-2023-32995

A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

8.8CVSS8.7AI score0.0045EPSS
Exploits0References1
NVD
NVD
added 2023/05/16 5:15 p.m.21 views

CVE-2023-32992

Missing permission checks in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

8.8CVSS8.4AI score0.00832EPSS
Exploits0References1
Prion
Prion
added 2023/05/16 5:15 p.m.27 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

6.8CVSS8.7AI score0.0045EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.13 views

CVE-2023-32996

A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

4.5AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.26 views

CVE-2023-32996

A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

4.8AI score0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.8 views

CVE-2023-32995

A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

7.1AI score0.0045EPSS
Exploits0References1
Rows per page
Query Builder