cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37945,https://securityvulnerability.io/vulnerability/CVE-2023-37945,Missing Permission Check in Jenkins SAML SSO Plugin,"The Jenkins SAML Single Sign-On (SSO) Plugin lacks a necessary permission validation, which erroneously permits users with Overall/Read access to retrieve a string representation of the current security realm. This flaw exposes sensitive configuration data, potentially leading to unauthorized access and compromised security. It is crucial for administrators to apply the latest version of the plugin to mitigate this risk.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0
CVE-2023-32993,https://securityvulnerability.io/vulnerability/CVE-2023-32993,Hostname Validation Flaw in Jenkins SAML Single Sign On Plugin by Jenkins,"The Jenkins SAML Single Sign On Plugin, version 2.0.2 and earlier, is susceptible to a significant security issue where it fails to validate hostnames while connecting to miniOrange or other configured Identity Providers (IdPs) for SAML metadata retrieval. This oversight could enable malicious actors to exploit the vulnerability through man-in-the-middle attacks, potentially intercepting sensitive connections and compromising the security of user authentication processes. It is crucial for users to update the plugin to mitigate this risk.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,4.8,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-32994,https://securityvulnerability.io/vulnerability/CVE-2023-32994,SAML SSO Plugin Vulnerability in Jenkins by CloudBees,"The Jenkins SAML Single Sign On Plugin versions up to 2.1.0 disable SSL/TLS certificate validation for connections to miniOrange or designated Identity Providers. This flaw can be exploited through man-in-the-middle attacks, allowing malicious actors to intercept and manipulate SAML metadata retrieval processes. Organizations using this plugin are advised to review their configurations and apply the necessary security updates to mitigate potential risks.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,3.7,LOW,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-32992,https://securityvulnerability.io/vulnerability/CVE-2023-32992,Missing Permission Checks in Jenkins SAML Single Sign On Plugin by Jenkins,"The Jenkins SAML Single Sign On Plugin is vulnerable due to missing permission checks, which could allow attackers with Overall/Read permission to exploit this weakness. This enables them to issue HTTP requests to user-specified URLs or parse local files on the Jenkins controller as XML. Such actions can lead to unauthorized access to sensitive data, posing a significant security risk to users.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,8.8,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-32991,https://securityvulnerability.io/vulnerability/CVE-2023-32991,Cross-Site Request Forgery Vulnerability in Jenkins SAML SSO Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins SAML Single Sign On (SSO) Plugin versions up to 2.0.2. This flaw enables attackers to send crafted HTTP requests to a specified URL, leading to the unauthorized execution of actions on behalf of the user. Additionally, the vulnerability allows the parsing of XML from remote locations or local files on the Jenkins controller, potentially exposing sensitive data and enabling further attacks.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,8.8,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-32996,https://securityvulnerability.io/vulnerability/CVE-2023-32996,SAML Single Sign-On Plugin Vulnerability in Jenkins,"A significant flaw exists in the SAML Single Sign-On Plugin for Jenkins, where a missing permission validation allows attackers with Overall/Read access to exploit the vulnerability. By crafting a specific HTTP POST request to miniOrange's email API, unauthorized users can manipulate the request payload, leading to potential email spoofing or leakage of sensitive information. This vulnerability highlights the critical need for proper access controls and validation to secure APIs against unauthorized exploitation.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-32995,https://securityvulnerability.io/vulnerability/CVE-2023-32995,CSRF Vulnerability in Jenkins SAML Single Sign On Plugin,"A cross-site request forgery vulnerability exists in the Jenkins SAML Single Sign On Plugin 2.0.0 and earlier. This flaw allows attackers to exploit the system by sending specially crafted HTTP POST requests with a JSON body containing malicious content to miniOrange's email-sending API. This could lead to unauthorized actions being performed on behalf of legitimate users, posing a significant security risk. It is recommended that users update to the latest version to mitigate this vulnerability.",Jenkins,Jenkins Saml Single Sign On(sso) Plugin,8.8,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0