Jenkins Saml Single Sign On — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Saml Single Sign On, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-32991 — CVSS 8.8 (high): A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an…
CVE-2023-32992 — CVSS 8.8 (high): Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send…
CVE-2023-32995 — CVSS 8.8 (high): A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an…
CVE-2023-32993 — CVSS 4.8 (medium): Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the…
CVE-2023-37945 — CVSS 4.3 (medium): A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with…
CVE-2023-32994 — CVSS 3.7 (low): Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to…