Lucene search

GitHub Advisory DatabaseGHSA-GHPM-MGF5-CV8Q

HistoryMay 16, 2023 - 6:30 p.m.

Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability

2023-05-1618:30:16

CWE-352

GitHub Advisory Database

github.com

jenkins

saml

single sign on

cross-site request forgery

csrf

vulnerability

http

endpoint

miniorange

api

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.7%

JSON

Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange’s API for sending emails.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

SAML Single Sign On(SSO) Plugin 2.0.1 removes the affected HTTP endpoint.

Affected configurations

Vulners

Node

io.jenkins.pluginsminiorange-saml-spRange<2.0.1

VendorProductVersionCPE
io.jenkins.pluginsminiorange-saml-sp*cpe:2.3:a:io.jenkins.plugins:miniorange-saml-sp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
io.jenkins.plugins	miniorange-saml-sp	*	cpe:2.3:a:io.jenkins.plugins:miniorange-saml-sp::::::::

References

github.com/advisories/GHSA-ghpm-mgf5-cv8q

nvd.nist.gov/vuln/detail/CVE-2023-32995

www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.7%

JSON

Related for GHSA-GHPM-MGF5-CV8Q