Cross-Site Request Forgery Vulnerability in Jenkins SAML Plugin
CVE-2021-21678

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Saml Plugin
Vendor: CVE Published:; 31 August 2021

What is CVE-2021-21678?

The Jenkins SAML Plugin versions 2.0.7 and earlier contain a vulnerability that enables attackers to construct malicious URLs, gaining the ability to bypass CSRF protections on any target URL in Jenkins. This flaw potentially allows for unauthorized actions within the Jenkins environment, posing a significant risk to the integrity of web applications dependent on Jenkins for continuous integration and deployment.

Affected Version(s)

Jenkins SAML Plugin 1.1.3

Jenkins SAML Plugin <= 2.0.7

Jenkins SAML Plugin 1.1.8

References

https://www.jenkins.io/security/advisory/2021-08-31/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2021/08/31/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2021
Vulnerability Reserved
Jan 4, 2021

JSON