45 matches found
EUVD-2022-2416
Malicious code in bioql PyPI...
CVE-2025-7045
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the deleteconfig action of the cssohandleactions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2018-1000602
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate other users if they can control the pre-authentication session...
CVE-2023-32996
A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
CVE-2023-32994
Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...
CVE-2023-32991
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...
The vulnerability of the SAML plugin for the Apache CloudStack environment management platform allows attackers to perform XXE attacks.
The vulnerability of the SAML plugin for the Apache CloudStack environment management platform is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. SAML Plugin implements this extension point for the URL that users are redirected to after login. In Jenkins SAML Plugin 2.0.7 and earlier this implementation is too permissive...
GHSA-R5W3-PFQ8-3R82 Jenkins SAML Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. SAML Plugin implements this extension point for the URL that users are redirected to after login. In Jenkins SAML Plugin 2.0.7 and earlier this implementation is too permissive...
GHSA-4PJX-86PG-X4J5 Jenkins SAML Plugin Session Fixation vulnerability
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate other users if they can control the pre-authentication session. SAML Plugin 1.0.7 invalidates the previous session during login and create...
Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Code Coverage API...
Cross site request forgery (csrf)
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2021-21678
Summary: CVE-2021-21678 affects Jenkins SAML Plugin 2.0.7 and earlier. The vulnerability arises from an extension point that disables CSRF protection for the URL users are redirected to after login, making it possible to bypass CSRF protections for any Jenkins URL. This is caused by the plugin’s ...
PT-2021-14721 · Jenkins · Jenkins Swamp Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Plugin versions 1.1.3 through 2.0.7 Description: The issue allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. This is due to an overly permissive implementation of an extension poin...