Saml

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1 Jenkins
1 Saml
Jun 17, 2026
Oct 29, 2025
N/A · v4
7.5 HIGH · v3
N/A · v2
Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user.
1 Jenkins
1 Saml
Jun 17, 2026
Aug 31, 2021
N/A · v4
8.8 HIGH · v3
6.8 MEDIUM · v2
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
1 Jenkins
1 Saml
Nov 21, 2024
Jun 26, 2018
N/A · v4
5.9 MEDIUM · v3
4.3 MEDIUM · v2
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.