CVE-2018-1000602
published 2018-06-26
medium 5.9 CVSS 3.0
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_codebuild_plugin | — | — |
| jenkins | aws_codedeploy_plugin | — | — |
| jenkins | aws_codepipeline_plugin | — | — |
| jenkins | badge_plugin | — | — |
| jenkins | collabnet_plugin | — | — |
| jenkins | collabnet_plugins_plugin | — | — |
| jenkins | configuration_as_code_plugin | — | — |
| jenkins | credentials_binding_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | fortify_cloudscan_plugin | — | — |
| jenkins | openstack_cloud_plugin | — | — |
| jenkins | os_connector_plugin | — | — |
| jenkins | saml | <= 1.0.6 | — |
| jenkins | saml_plugin | — | — |
| jenkins | ssh_credentials_plugin | — | — |
| jenkins | this_feature_applies_to_connections_by_this_plugin | — | — |
| jenkins | urltrigger_plugin | — | — |