CVE-2018-1000602

2018-06-2617:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

32.0%

JSON

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session.

CPENameOperatorVersion
saml-plugineqsaml-0.3
saml-plugineqsaml-1.0.3
saml-plugineqsaml-1.0.2
saml-plugineqsaml-0.4
saml-plugineqsaml-0.6
saml-plugineqsaml-1.0.1
saml-plugineqsaml-0.12
saml-plugineqsaml-0.5
saml-plugineqsaml-1.0.6
saml-plugineqsaml-1.0.0

Name	Operator	Version
saml-plugin	eq	saml-0.3
saml-plugin	eq	saml-1.0.3
saml-plugin	eq	saml-1.0.2
saml-plugin	eq	saml-0.4
saml-plugin	eq	saml-0.6
saml-plugin	eq	saml-1.0.1
saml-plugin	eq	saml-0.12
saml-plugin	eq	saml-0.5
saml-plugin	eq	saml-1.0.6
saml-plugin	eq	saml-1.0.0

Rows per page:

1-10 of 211

References

jenkins.io/security/advisory/2018-06-25/#SECURITY-916

0.001 Low

EPSS

Percentile

32.0%

JSON

Related for OSV:CVE-2018-1000602