Skip to main content

Saml Single Sign On

9 CVEs product

Monthly

CVE-2023-37945 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Saml Single Sign On
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32996 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Saml Single Sign On
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32995 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Saml Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32994 Maven LOW PATCH Monitor

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2023-32993 Maven MEDIUM PATCH This Month

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-32992 Maven HIGH PATCH This Week

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32991 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Saml Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-37843 CRITICAL Act Now

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Saml Single Sign On
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13347 HIGH This Week

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Atlassian Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Saml Single Sign On
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Saml Single Sign On
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Saml Single Sign On
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Saml Single Sign On
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Saml Single Sign On
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Atlassian Information Disclosure Saml Single Sign On
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy