A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
CPE:

Name | Operator | Version
---|---|---
saml_single_sign_on | ge | 2.1.0
saml_single_sign_on | lt | 2.3.1