GHSA-xw6j-mq6v-pmv6

Опубликовано: 16 мая 2023

Источник: github

Github: Прошло ревью

CVSS3: 7.1

Описание

Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform permission checks in multiple HTTP endpoints.

This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

As the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

SAML Single Sign On(SSO) Plugin 2.1.0 requires POST requests and Overall/Administer permission for the affected HTTP endpoints.

Ссылки

Пакеты

Наименование

io.jenkins.plugins:miniorange-saml-sp

maven

Затронутые версииВерсия исправления

< 2.1.0

2.1.0

EPSS

Процентиль: 41%

0.00187

Низкий

7.1 High

CVSS3

CVE ID

CVE-2023-32991

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-32991

CVSS3: 8.8

nvd

больше 2 лет назад

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

BDU:2024-03400

CVSS3: 8.8

fstec

больше 2 лет назад

Уязвимость плагина Jenkins SAML Single Sign On(SSO), связанная с подделкой межсайтовых запросов, позволяющая нарушителю осуществить CSRF-атаку

EPSS

Процентиль: 41%

0.00187

Низкий

7.1 High

CVSS3

CVE ID

CVE-2023-32991

Дефекты

CWE-352