Jenkins SAML SSO Plugin 2.1.0-2.3.0: Missing Permission Check Exposes Security Realm
CVE-2023-37945 Published on July 12, 2023

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.

Vendor Advisory NVD

Products Associated with CVE-2023-37945

Want to know whenever a new CVE is published for Jenkins Saml Single Sign On? stack.watch will email you.

Jenkins Saml Single Sign On

Affected Versions

Jenkins Project Jenkins SAML Single Sign On(SSO) Plugin:

Version 2.1.0, <= 2.3.0 is affected.

Exploit Probability

EPSS

0.07%

Percentile

21.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins SAML SSO Plugin 2.1.0-2.3.0: Missing Permission Check Exposes Security RealmCVE-2023-37945 Published on July 12, 2023

Products Associated with CVE-2023-37945

Affected Versions

Exploit Probability

Jenkins SAML SSO Plugin 2.1.0-2.3.0: Missing Permission Check Exposes Security Realm
CVE-2023-37945 Published on July 12, 2023