CVE-2023-32991
HIGH7.1EPSS 0.10%Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
描述
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform permission checks in multiple HTTP endpoints. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. As the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. SAML Single Sign On(SSO) Plugin 2.1.0 requires POST requests and Overall/Administer permission for the affected HTTP endpoints.
受影響套件(1)
- Maven/io.jenkins.plugins:miniorange-saml-spfrom 0, < 2.1.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |