Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
JenkinsSaml Single Sign On

2 matches found

CVE
CVEadded 2023/05/16 5:15 p.m.50 views

CVE-2023-32993

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

4.8CVSS4.9AI score0.0019EPSS
CVE
CVEadded 2023/07/12 4:15 p.m.31 views

CVE-2023-37945

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.

4.3CVSS4.4AI score0.00052EPSS