Lucene search

[email protected]NVD:CVE-2023-32996

HistoryMay 16, 2023 - 5:15 p.m.

CVE-2023-32996

2023-05-1617:15:12

CWE-276

[email protected]

web.nvd.nist.gov

cve-2023-32996

jenkins

saml

single sign on

permission check

http post

json

miniorange

api

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange’s API for sending emails.

Affected configurations

Nvd

Node

jenkinssaml_single_sign-onRange≤2.0.0wordpress

VendorProductVersionCPE
jenkinssaml_single_sign-on*cpe:2.3:a:jenkins:saml_single_sign-on:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
jenkins	saml_single_sign-on	*	cpe:2.3:a:jenkins:saml_single_sign-on::::::wordpress::*

References

www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

Related for NVD:CVE-2023-32996

cve1 osv1 prion1 cvelist1 github1 nessus1