CVE-2023-32996

Published: May 16, 2023Modified: Jan 23, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

Affected (1)

Products: Jenkins: Saml Single Sign On

1 product

Saml Single Sign On

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Saml Single Sign On	Up to 2.0.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.