34 matches found
CVE-2025-64131
Jenkins SAML Plugin 4.583.vc68232f7018a and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user...
Jenkins SAML Plugin 安全漏洞
Jenkins SAML Plugin is an open source single sign-on plugin for Jenkins. A security vulnerability exists in Jenkins SAML Plugin 4.583.vc68232f7018a and prior versions, which stems from an unimplemented replay cache, which could allow an attacker to authenticate by replaying SAML authentication...
EUVD-2023-1488
Malicious code in bioql PyPI...
EUVD-2023-2106
Malicious code in bioql PyPI...
EUVD-2023-1515
Malicious code in bioql PyPI...
EUVD-2022-5102
Malicious code in bioql PyPI...
EUVD-2023-1544
Malicious code in bioql PyPI...
EUVD-2022-2416
Malicious code in bioql PyPI...
EUVD-2023-1638
Malicious code in bioql PyPI...
EUVD-2023-1655
Malicious code in bioql PyPI...
CVE-2023-32993
Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...
CVE-2023-32991
A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2023-37945
A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.1.0 through 2.3.0 both inclusive allows attackers with Overall/Read permission to download a string representation of the current security realm...
CVE-2023-32995
A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
CVE-2023-32992
Missing permission checks in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
CVE-2023-32996
A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
CVE-2023-32996
A missing permission check in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
CVE-2023-32995
A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...