Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64131 | 1 Jenkins | 1 Saml | 2025-12-22 | N/A | 7.5 HIGH |
| Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user. | |||||
| CVE-2021-21678 | 1 Jenkins | 1 Saml | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
| CVE-2018-1000602 | 1 Jenkins | 1 Saml | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. | |||||