Cross-Site Request Forgery Vulnerability in Jenkins SAML SSO Plugin
CVE-2023-32991
8.8HIGH
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 16 May 2023
What is CVE-2023-32991?
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins SAML Single Sign On (SSO) Plugin versions up to 2.0.2. This flaw enables attackers to send crafted HTTP requests to a specified URL, leading to the unauthorized execution of actions on behalf of the user. Additionally, the vulnerability allows the parsing of XML from remote locations or local files on the Jenkins controller, potentially exposing sensitive data and enabling further attacks.
Affected Version(s)
Jenkins SAML Single Sign On(SSO) Plugin 0 <= 2.0.2