CVE-2018-1000602

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session...

CVE-2018-1000602

The CVE-2018-1000602 entry identifies a session-fixation issue in the Jenkins SAML Plugin (versions ≤ 1.0.6) affecting the SamlSecurityRealm.java flow, allowing an attacker who controls a pre-authentication session to impersonate other users. The vulnerability is specific to the SAML Plugin imple...

CVE-2018-1000602

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session...

CVE-2016-3085

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...

CVE-2012-2351

The vulnerability CVE-2012-2351 affects Mahara’s auth/saml plugin. In Mahara versions older than 1.4.2, the default setting for “Match username attribute to Remote username” is false, enabling a remote SAML IdP to spoof users on other IdPs by reusing the same internal username. This is a configur...